Marcus Updateinfo to OVAL Converter 5.5 2022-05-23T06:33:34 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: Opera was updated to version 63.0.3368.88: - DNA-79103 Saving link to bookmarks saves it to Other bookmarks folder - DNA-79455 Crash at views::MenuController:: FindNextSelectableMenuItem(views::MenuItemView*, int, views:: MenuController::SelectionIncrementDirectionType, bool) - DNA-79579 Continuous packages using new_mac_bundle_structure do not run - DNA-79611 Update opauto_paths.py:GetResourcesDir - DNA-79621 Add support for new bundle structure to old autoupdate clients - DNA-80131 Sign Opera Helper(GPU).app opera_components/tracking_data/tracking_data_paths.cc - DNA-80638 Cherry-pick fix for CreditCardTest. UpdateFromImportedCard_ExpiredVerifiedCardUpdatedWithSameName - DNA-80801 Very slow tab deletion process Moderate cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for rubygem-puma to version 4.3.5 fixes the following issues: - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage (bsc#1172175). - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176). - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1172175 SUSE bug 1172176 CVE-2020-11076 CVE-2020-11077 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173274 CVE-2020-14422 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for pdns-recursor fixes the following issues: - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication (boo#1173302). Moderate SUSE bug 1173302 CVE-2020-14196 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). - Removed an OpenSSL version warning (bsc#992038 and bsc#1125401). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1125401 SUSE bug 1169740 SUSE bug 1171355 SUSE bug 1172651 SUSE bug 1173334 SUSE bug 992038 CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for singularity fixes the following issues: - New version 3.6.0. This version introduces a new signature format for SIF images, and changes to the signing / verification code to address the following security problems: - CVE-2020-13845, boo#1174150 In Singularity 3.x versions below 3.6.0, issues allow the ECL to be bypassed by a malicious user. - CVE-2020-13846, boo#1174148 In Singularity 3.5 the --all / -a option to singularity verify returns success even when some objects in a SIF container are not signed, or cannot be verified. - CVE-2020-13847, boo#1174152 In Singularity 3.x versions below 3.6.0, Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file, allowing an attacker to cause unexpected behavior. A signed container may verify successfully, even when it has been modified in ways that could be exploited to cause malicious behavior. - New features / functionalities - A new '--legacy-insecure' flag to verify allows verification of SIF signatures in the old, insecure format. - A new '-l / --logs' flag for instance list that shows the paths to instance STDERR / STDOUT log files. - The --json output of instance list now include paths to STDERR / STDOUT log files. - Singularity now supports the execution of minimal Docker/OCI containers that do not contain /bin/sh, e.g. docker://hello-world. - A new cache structure is used that is concurrency safe on a filesystem that supports atomic rename. If you downgrade to Singularity 3.5 or older after using 3.6 you will need to run singularity cache clean. - A plugin system rework adds new hook points that will allow the development of plugins that modify behavior of the runtime. An image driver concept is introduced for plugins to support new ways of handling image and overlay mounts. Plugins built for <=3.5 are not compatible with 3.6. - The --bind flag can now bind directories from a SIF or ext3 image into a container. - The --fusemount feature to mount filesystems to a container via FUSE drivers is now a supported feature (previously an experimental hidden flag). - This permits users to mount e.g. sshfs and cvmfs filesystems to the container at runtime. - A new -c/--config flag allows an alternative singularity.conf to be specified by the root user, or all users in an unprivileged installation. - A new --env flag allows container environment variables to be set via the Singularity command line. - A new --env-file flag allows container environment variables to be set from a specified file. - A new --days flag for cache clean allows removal of items older than a specified number of days. Replaces the --name flag which is not generally useful as the cache entries are stored by hash, not a friendly name. - Changed defaults / behaviours - New signature format (see security fixes above). - Fixed spacing of singularity instance list to be dynamically changing based off of input lengths instead of fixed number of spaces to account for long instance names. - Environment variables prefixed with SINGULARITYENV_ always take precedence over variables without SINGULARITYENV_ prefix. - The %post build section inherits environment variables from the base image. - %files from ... will now follow symlinks for sources that are directly specified, or directly resolved from a glob pattern. It will not follow symlinks found through directory traversal. This mirrors Docker multi-stage COPY behaviour. - Restored the CWD mount behaviour of v2, implying that CWD path is not recreated inside container and any symlinks in the CWD path are not resolved anymore to determine the destination path inside container. - The %test build section is executed the same manner as singularity test image. --fusemount with the container: default directive will foreground the FUSE process. Use container-daemon: for previous behavior. - Deprecate -a / --all option to sign/verify as new signature behavior makes this the default. - For more information about upstream changes, please check: https://github.com/hpcng/singularity/blob/master/CHANGELOG.md - Removed --name flag for cache clean; replaced with --days. Important SUSE bug 1174148 SUSE bug 1174150 SUSE bug 1174152 CVE-2020-13845 CVE-2020-13846 CVE-2020-13847 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for google-compute-engine fixes the following issues: - Don't enable and start google-network-daemon.service when it's already installed (bsc#1169978) + Do not add the created user to the adm (CVE-2020-8903), docker (CVE-2020-8907), or lxd (CVE-2020-8933) groups if they exist (bsc#1173258) Important SUSE bug 1169978 SUSE bug 1173258 CVE-2020-8903 CVE-2020-8907 CVE-2020-8933 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openexr fixes the following issues: - CVE-2020-15304: Fixed a NULL pointer dereference in TiledInputFile:TiledInputFile() (bsc#1173466). - CVE-2020-15305: Fixed a use-after-free in DeepScanLineInputFile:DeepScanLineInputFile() (bsc#1173467). - CVE-2020-15306: Fixed a heap buffer overflow in getChunkOffsetTableSize() (bsc#1173469). Moderate SUSE bug 1173466 SUSE bug 1173467 SUSE bug 1173469 CVE-2020-15304 CVE-2020-15305 CVE-2020-15306 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mumble fixes the following issues: mumble was updated 1.3.2: * client: Fixed overlay not starting Update to upstream version 1.3.1 - Security * Fixed: Potential exploit in the OCB2 encryption (#4227) boo#1174041 - ICE * Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835) - GRPC * Fixed: Segmentation fault during murmur shutdown (#3938) - Client * Fixed: Crash when using multiple monitors (#3756) * Fixed: Don't send empty message from clipboard via shortcut, if clipboard is empty (#3864) * Fixed: Talking indicator being able to freeze to indicate talking when self-muted (#4006) * Fixed: High CPU usage for update-check if update server not available (#4019) * Fixed: DBus getCurrentUrl returning empty string when not in root-channel (#4029) * Fixed: Small parts of whispering leaking out (#4051) * Fixed: Last audio frame of normal talking is sent to last whisper target (#4050) * Fixed: LAN-icon not found in ConnectDialog (#4058) * Improved: Set maximal vertical size for User Volume Adjustment dialog (#3801) * Improved: Don't send empty data to PulseAudio (#3316) * Improved: Use the SRV resolved port for UDP connections (#3820) * Improved: Manual Plugin UI (#3919) * Improved: Don't start Jack server by default (#3990) * Improved: Overlay doesn't hook into all other processes by default (#4041) * Improved: Wait longer before disconnecting from a server due to unanswered Ping-messages (#4123) - Server * Fixed: Possibility to circumvent max user-count in channel (#3880) * Fixed: Rate-limit implementation susceptible to time-underflow (#4004) * Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032) * Fixed: VersionCheck for SQL for when to use the WAL feature (#4163) * Fixed: Wrong database encoding that could lead to server-crash (#4220) * Fixed: DB crash due to primary key violation (now performs 'UPSERT' to avoid this) (#4105) * Improved: The fields in the Version ProtoBuf message are now size-restricted (#4101) - use the 'profile profilename /path/to/binary' syntax to make 'ps aufxZ' more readable Moderate SUSE bug 1174041 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: - Update to 84.0.4147.89 boo#1174189: * Critical CVE-2020-6510: Heap buffer overflow in background fetch. * High CVE-2020-6511: Side-channel information leakage in content security policy. * High CVE-2020-6512: Type Confusion in V8. * High CVE-2020-6513: Heap buffer overflow in PDFium. * High CVE-2020-6514: Inappropriate implementation in WebRTC. * High CVE-2020-6515: Use after free in tab strip. * High CVE-2020-6516: Policy bypass in CORS. * High CVE-2020-6517: Heap buffer overflow in history. * Medium CVE-2020-6518: Use after free in developer tools. * Medium CVE-2020-6519: Policy bypass in CSP. * Medium CVE-2020-6520: Heap buffer overflow in Skia. * Medium CVE-2020-6521: Side-channel information leakage in autofill. * Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers. * Medium CVE-2020-6523: Out of bounds write in Skia. * Medium CVE-2020-6524: Heap buffer overflow in WebAudio. * Medium CVE-2020-6525: Heap buffer overflow in Skia. * Low CVE-2020-6526: Inappropriate implementation in iframe sandbox. * Low CVE-2020-6527: Insufficient policy enforcement in CSP. * Low CVE-2020-6528: Incorrect security UI in basic auth. * Low CVE-2020-6529: Inappropriate implementation in WebRTC. * Low CVE-2020-6530: Out of bounds memory access in developer tools. * Low CVE-2020-6531: Side-channel information leakage in scroll to text. * Low CVE-2020-6533: Type Confusion in V8. * Low CVE-2020-6534: Heap buffer overflow in WebRTC. * Low CVE-2020-6535: Insufficient data validation in WebUI. * Low CVE-2020-6536: Incorrect security UI in PWAs. - Use bundled xcb-proto as we need to generate py2 bindings - Try to fix non-wayland build for Leap builds Important SUSE bug 1174189 CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ant fixes the following issues: - CVE-2020-1945: Fixed an inseure temorary file vulnerability which could have potentially leaked sensitive information (bsc#1171696). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1171696 CVE-2020-1945 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ldb, samba fixes the following issues: Changes in samba: - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + Malicous SMB1 server can crash libsmbclient; (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237). + Missing check for DMAPI offline status in async DOS attributes; (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316) + smbd mistakenly updates a file's write-time on close; (bso#14320). + RPC handles cannot be differentiated in source3 RPC server; (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327). + Fix fruit:time machine max size on arm; (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294). + ctdb: Fix a memleak; (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095) + s3:libads: Fix ads_get_upn(); (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294) + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324) - Update to samba 4.11.8 + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850); + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - Update to samba 4.11.7 + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283) + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270) + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247). + smbd: Handle EINTR from open(2) properly; (bso#14285) + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247) + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + lib:util: Log mkdir error on correct debug levels; (bso#14253). + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209). + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320). + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218). + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). + smbd: Fix the build with clang; (bso#14251). + upgradedns: Ensure lmdb lock files linked; (bso#14199). + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101). + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227). - Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307); - Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437); - Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521); Changes in ldb: - Update to version 2.0.12 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159). + ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + lib/ldb: add unit test for ldb_ldap internal code. - Update to version 2.0.11 + lib ldb: lmdb init var before calling mdb_reader_check. + lib ldb: lmdb clear stale readers on write txn start; (bso#14330). + ldb tests: Confirm lmdb free list handling This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1141320 SUSE bug 1162680 SUSE bug 1169095 SUSE bug 1169521 SUSE bug 1169850 SUSE bug 1169851 SUSE bug 1171437 SUSE bug 1172307 SUSE bug 1173159 SUSE bug 1173160 SUSE bug 1173161 SUSE bug 1173359 SUSE bug 1174120 CVE-2020-10700 CVE-2020-10704 CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173477 SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173874 SUSE bug 1173875 SUSE bug 1173876 SUSE bug 1173880 CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openconnect fixes the following issues: - CVE-2020-12823: Fixed a buffer overflow via crafted certificate data which could have led to denial of service (bsc#1171862). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1171862 CVE-2020-12823 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 78.0.2 MFSA 2020-28 (bsc#1173948) * MFSA-2020-0003 (bmo#1644076) X-Frame-Options bypass using object or embed tags - Firefox Extended Support Release 78.0.2esr ESR * Fixed: Security fix * Fixed: Fixed an accessibility regression in reader mode (bmo#1650922) * Fixed: Made the address bar more resilient to data corruption in the user profile (bmo#1649981) * Fixed: Fixed a regression opening certain external applications (bmo#1650162) Moderate SUSE bug 1173948 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for cni-plugins fixes the following issues: cni-plugins updated to version 0.8.6 - CVE-2020-10749: Fixed a potential Man-in-the-Middle attacks in IPv4 clusters by spoofing IPv6 router advertisements (bsc#1172410). Release notes: https://github.com/containernetworking/plugins/releases/tag/v0.8.6 Moderate SUSE bug 1172410 CVE-2020-10749 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173477 SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173874 SUSE bug 1173875 SUSE bug 1173876 SUSE bug 1173880 CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for cacti, cacti-spine fixes the following issues: - cacti 1.2.13: * Query XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023) * Lack of escaping on some pages can lead to XSS exposure * Update PHPMailer to 6.1.6 (CVE-2020-13625) * SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295, boo#1173090) * Lack of escaping on template import can lead to XSS exposure - switch from cron to systemd timers (boo#1115436): + cacti-cron.timer + cacti-cron.service - avoid potential root escalation on systems with fs.protected_hardlinks=0 (boo#1154087): handle directory permissions in file section instead of using chown during post installation - rewrote apache configuration to get rid of .htaccess files and explicitely disable directory permissions per default (only allow a limited, well-known set of directories) Moderate SUSE bug 1115436 SUSE bug 1154087 SUSE bug 1173090 CVE-2020-11022 CVE-2020-11023 CVE-2020-13625 CVE-2020-14295 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). The following non-security bugs were fixed: - ACPI: configfs: Disallow loading ACPI tables when locked down (git-fixes). - ACPI: sysfs: Fix pm_profile_attr type (git-fixes). - aio: fix async fsync creds (bsc#1173828). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later (git-fixes). - ALSA: hda/hdmi: improve debug traces for stream lookups (git-fixes). - ALSA: hda - let hs_mic be picked ahead of hp_mic (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (git-fixes). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (git-fixes). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: opl3: fix infoleak in opl3 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RTX6001 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2+ (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix packet size calculation (bsc#1173847). - ALSA: usb-audio: Fix potential use-after-free of streams (git-fixes). - ALSA: usb-audio: Replace s/frame/packet/ where appropriate (git-fixes). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - ASoC: core: only convert non DPCM link to DPCM link (git-fixes). - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: fsl_ssi: Fix bclk calculation for mono channel (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet (git-fixes). - ASoC: max98373: reorder max98373_reset() in resume (git-fixes). - ASoc: q6afe: add support to get port direction (git-fixes). - ASoC: q6asm: handle EOS correctly (git-fixes). - ASoC: qcom: q6asm-dai: kCFI fix (git-fixes). - ASoC: rockchip: Fix a reference count leak (git-fixes). - ASoC: SOF: Do nothing when DSP PM callbacks are not set (git-fixes). - ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags (git-fixes). - ASoC: tegra: tegra_wm8903: Support nvidia, headset property (git-fixes). - ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()' (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: fix kernel null pointer dereference (git-fixes). - ath10k: Fix the race condition in firmware dump work queue (git-fixes). - b43: Fix connection problem with WPA3 (git-fixes). - b43_legacy: Fix connection problem with WPA3 (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - batman-adv: Revert 'disable ethtool link speed detection when auto negotiation off' (git-fixes). - bdev: fix bdev inode reference count disbalance regression (bsc#1174244) - block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (bsc#1173817). - block: Fix use-after-free in blkdev_get() (bsc#1173834). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - Bluetooth: Add SCO fallback for invalid LMP parameters error (git-fixes). - Bluetooth: btbcm: Add 2 missing models to subver tables (git-fixes). - bnxt_en: Fix AER reset logic on 57500 chips (bsc#1171150). - bnxt_en: fix firmware message length endianness (bsc#1173894). - bnxt_en: Fix return code to 'flash_device' (bsc#1173894). - bnxt_en: Re-enable SRIOV during resume (jsc#SLE-8371 bsc#1153274). - bnxt_en: Return from timer if interface is not in open state (jsc#SLE-8371 bsc#1153274). - bnxt_en: Simplify bnxt_resume() (jsc#SLE-8371 bsc#1153274). - bpf: Document optval > PAGE_SIZE behavior for sockopt hooks (bsc#1155518). - bpf: Do not return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE (bsc#1155518). - bpf: Fix an error code in check_btf_func() (bsc#1154353). - bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier (bsc#1172344). - bpf, xdp, samples: Fix null pointer dereference in *_user code (bsc#1155518). - brcmfmac: expose RPi firmware config files through modinfo (bsc#1169094). - bus: ti-sysc: Ignore clockactivity unless specified as a quirk (git-fixes). - carl9170: remove P2P_GO support (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: sifive: allocate sufficient memory for struct __prci_data (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: zynqmp: fix memory leak in zynqmp_register_clocks (git-fixes). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (git-fixes). - cpufreq: Fix up cpufreq_boost_set_sw() (git-fixes). - cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once (git-fixes). - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn (git-fixes). - cpuidle: Fix three reference count leaks (git-fixes). - crypto: algif_skcipher - Cap recv SG list at ctx->used (git-fixes). - crypto - Avoid free() namespace collision (git-fixes). - Crypto/chcr: fix for ccm(aes) failed test (git-fixes). - crypto: omap-sham - add proper load balancing support for multicore (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devlink: fix return value after hitting end in region read (networking-stable-20_05_12). - devmap: Use bpf_map_area_alloc() for allocating hash buckets (bsc#1154353). - dm writecache: reject asynchronous pmem devices (bsc#1156395). - dpaa2-eth: prevent array underflow in update_cls_rule() (networking-stable-20_05_16). - dpaa2-eth: properly handle buffer size restrictions (networking-stable-20_05_16). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617). - drm: amd/display: fix Kconfig help text (bsc#1152489) * context changes - drm/amd/display: Revalidate bandwidth before commiting DC updates (git-fixes). - drm/amd: fix potential memleak in err branch (git-fixes). - drm/amdgpu: add fw release for sdma v5_0 (git-fixes). - drm/amdgpu: drop redundant cg/pg ungate on runpm enter (git-fixes). - drm/amdgpu: fix gfx hang during suspend with video playback (v2) (git-fixes). - drm/amdgpu: fix the hw hang during perform system reboot and reset (git-fixes). - drm/amdgpu: Init data to avoid oops while reading pp_num_states (git-fixes). - drm/amdgpu: move kfd suspend after ip_suspend_phase1 (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1152472) - drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven (git-fixes). - drm: bridge: adv7511: Extend list of audio sample rates (git-fixes). - drm/connector: notify userspace on hotplug after register complete (bsc#1152489) * context changes - drm/i915/gt: Do not schedule normal requests immediately along (bsc#1152489) - drm/i915/gvt: Fix two CFL MMIO handling caused by regression. (bsc#1152489) - drm/i915/gvt: Fix two CFL MMIO handling caused by regression (git-fixes). - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1152489) - drm/msm: Check for powered down HW in the devfreq callbacks (bsc#1152489) - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1152489) - drm/msm/dpu: fix error return code in dpu_encoder_init (git-fixes). - drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation (git-fixes). - drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection (git-fixes). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - drm: rcar-du: Fix build error (bsc#1152472) - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489) - drm: sun4i: hdmi: Remove extra HPD polling (git-fixes). - e1000: Distribute switch variables for initialization (git-fixes). - e1000e: Relax condition to trigger reset for ME workaround (git-fixes). - ext4: avoid utf8_strncasecmp() with unstable name (bsc#1173843). - ext4: fix error pointer dereference (bsc#1173837). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1173836). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - ext4: stop overwrite the errcode in ext4_setup_super (bsc#1173841). - fat: do not allow to mount if the FAT length == 0 (bsc#1173831). - Fix boot crash with MD (bsc#1173860) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fork: prevent accidental access to clone3 features (bsc#1174018). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - geneve: allow changing DF behavior after creation (git-fixes). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - gfs2: fix glock reference problem in gfs2_trans_remove_revoke (bsc#1173823). - gfs2: Multi-block allocations in gfs2_page_mkwrite (bsc#1173822). - gpio: pca953x: fix handling of automatic address incrementing (git-fixes). - HID: Add quirks for Trust Panora Graphic Tablet (git-fixes). - hinic: fix a bug of ndo_stop (networking-stable-20_05_16). - hinic: fix wrong para of wait_for_completion_timeout (networking-stable-20_05_16). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (git-fixes). - hwmon: (k10temp) Add AMD family 17h model 60h PCI match (git-fixes). - hwmon: (max6697) Make sure the OVERT mask is set correctly (git-fixes). - hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option (git-fixes). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (git-fixes). - i2c: core: check returned size of emulated smbus block read (git-fixes). - i2c: fsi: Fix the port number field in status register (git-fixes). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - IB/rdmavt: Free kernel completion queue when done (bsc#1173625). - iio: bmp280: fix compensation of humidity (git-fixes). - input: i8042 - Remove special PowerPC handling (git-fixes). - ionic: add pcie_print_link_status (bsc#1167773). - ionic: export features for vlans to use (bsc#1167773). - ionic: no link check while resetting queues (bsc#1167773). - ionic: remove support for mgmt device (bsc#1167773). - ionic: tame the watchdog timer on reconfig (bsc#1167773). - ionic: wait on queue start until after IFF_UP (bsc#1167773). - io_uring: use kvfree() in io_sqe_buffer_register() (bsc#1173832). - ipmi: use vzalloc instead of kmalloc for user creation (git-fixes). - iwlwifi: mvm: fix aux station leak (git-fixes). - ixgbe: do not check firmware errors (bsc#1170284). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kABI fixup mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kABI: protect struct fib_dump_filter (kabi). - kABI: protect struct mlx5_cmd_work_ent (kabi). - libceph: do not omit recovery_deletes in target_copy() (git-fixes). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - media: dvbdev: Fix tuner->demod media controller link (git-fixes). - media: dvbsky: add support for eyeTV Geniatech T2 lite (bsc#1173776). - media: dvbsky: add support for Mygica T230C v2 (bsc#1173776). - media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling (git-fixes). - media: mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - media: ov5640: fix use of destroyed mutex (git-fixes). - media: si2157: Better check for running tuner in init (git-fixes). - media: si2168: add support for Mygica T230C v2 (bsc#1173776). - media: staging: imgu: do not hold spinlock during freeing mmu page table (git-fixes). - media: staging/intel-ipu3: Implement lock for stream on/off operations (git-fixes). - media: vicodec: Fix error codes in probe function (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (git-fixes). - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core (git-fixes). - mm: fix NUMA node file count error in replace_page_cache() (bsc#1173844). - mm/memory_hotplug: refrain from adding memory into an impossible node (bsc#1173552). - mvpp2: remove module bugfix (bsc#1154353). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1173824). - neigh: send protocol value in neighbor create notification (networking-stable-20_05_12). - net: core: device_rename: Use rwsem instead of a seqcount (bsc#1162702). - net: do not return invalid table id error when we fall back to PF_UNSPEC (networking-stable-20_05_27). - net: dsa: Do not leave DSA master with NULL netdev_ops (networking-stable-20_05_12). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend (networking-stable-20_05_27). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - __netif_receive_skb_core: pass skb by reference (networking-stable-20_05_27). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: macb: fix an issue about leak related system resources (networking-stable-20_05_12). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Disable reload while removing the device (jsc#SLE-8464). - net/mlx5: DR, Fix freeing in dr_create_rc_qp() (jsc#SLE-8464). - net/mlx5e: Fix inner tirs handling (networking-stable-20_05_27). - net/mlx5e: kTLS, Destroy key object after destroying the TIS (networking-stable-20_05_27). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix error flow in case of function_setup failure (networking-stable-20_05_27). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net/mlx5: Fix memory leak in mlx5_events_init (networking-stable-20_05_27). - net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del() (networking-stable-20_05_12). - net: mvpp2: fix RX hashing for non-10G ports (networking-stable-20_05_27). - net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx() (networking-stable-20_05_12). - net: nlmsg_cancel() if put fails for nhmsg (networking-stable-20_05_27). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net_sched: sch_skbprio: add message validation to skbprio_change() (networking-stable-20_05_12). - net/smc: tolerate future SMCD versions (bsc#1172543 LTC#186069). - net: stmmac: fix num_por initialization (networking-stable-20_05_16). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net: tc35815: Fix phydev supported/advertising mask (networking-stable-20_05_12). - net: tcp: fix rx timestamp behavior for tcp_recvmsg (networking-stable-20_05_16). - net/tls: fix race condition causing kernel panic (networking-stable-20_05_27). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - nexthop: Fix attribute checking for groups (networking-stable-20_05_27). - nfp: abm: fix a memory leak bug (networking-stable-20_05_12). - nfp: abm: fix error return code in nfp_abm_vnic_alloc() (networking-stable-20_05_16). - nfsd4: fix nfsdfs reference count loop (git-fixes). - nfsd: apply umask on fs without ACL support (git-fixes). - nfsd: fix nfsdfs inode reference count leak (git-fixes). - NFSv4 fix CLOSE not waiting for direct IO compeletion (git-fixes). - PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes). - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes). - PCI: Add Loongson vendor ID (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes). - PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PCI: dwc: Fix inner MSI IRQ domain registration (git-fixes). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172871). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871). - PCI: hv: Introduce hv_msi_entry (bsc#1172871). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871). - PCI: pci-bridge-emul: Fix PCIe bit conflicts (git-fixes). - PCI: vmd: Add device id for VMD device 8086:9A0B (git-fixes). - pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map (git-fixes). - pinctrl: tegra: Use noirq suspend/resume callbacks (git-fixes). - platform/x86: asus_wmi: Reserve more space for struct bias_args (git-fixes). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (git-fixes). - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - proc: Use new_inode not new_inode_pseudo (bsc#1173830). - pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case (git-fixes). - RDMA/core: Check that type_attrs is not NULL prior access (jsc#SLE-8449). - regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 (git-fixes). - remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use (git-fixes). - Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (git-fixes). - Revert 'i2c: tegra: Fix suspending in active runtime PM state' (git-fixes). - Revert 'ipv6: add mtu lock check in __ip6_rt_update_pmtu' (networking-stable-20_05_16). - ring-buffer: Zero out time extend if it is nested and not absolute (git-fixes). - sata_rcar: handle pm_runtime_get_sync failure cases (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sched: Fix loadavg accounting race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix race against ptrace_freeze_trace() (bsc#1174345). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1172687 bsc#1171530). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - selftests/bpf: Make sure optvals > PAGE_SIZE are bypassed (bsc#1155518). - signal: Avoid corrupting si_pid and si_uid in do_notify_parent (bsc#1171529). - slimbus: ngd: get drvdata from correct device (git-fixes). - socionext: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: pxa2xx: Apply CS clk quirk to BXT (git-fixes). - spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH (git-fixes). - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - tcp: fix error recovery in tcp_zerocopy_receive() (networking-stable-20_05_16). - tcp: fix SO_RCVLOWAT hangs with fat skbs (networking-stable-20_05_16). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - thermal/drivers/mediatek: Fix bank number settings on mt8183 (git-fixes). - thermal/drivers/rcar_gen3: Fix undefined temperature if negative (git-fixes). - thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR (git-fixes). - tipc: block BH before using dst_cache (networking-stable-20_05_27). - tipc: fix partial topology connection closure (networking-stable-20_05_12). - tpm: Fix TIS locality timeout problems (git-fixes). - tpm_tis: Remove the HID IFX0102 (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: fix wrong use of crypto_shash_descsize() (bsc#1173827). - ubifs: remove broken lazytime support (bsc#1173826). - Update patch reference tag for ACPI lockdown fix (bsc#1173573) - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - usb/ehci-platform: Set PM runtime as active on resume (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: udc: Potential Oops in error handling code (git-fixes). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (git-fixes). - usb: host: ehci-platform: add a quirk to avoid stuck (git-fixes). - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usb/ohci-platform: Fix a warning when hibernating (git-fixes). - USB: ohci-sm501: Add missed iounmap() in remove (git-fixes). - usb: renesas_usbhs: getting residue from callback_result (git-fixes). - USB: serial: ch341: add basis for quirk detection (git-fixes). - usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs (git-fixes). - usb/xhci-plat: Set PM runtime as active on resume (git-fixes). - video: vt8500lcdfb: fix fallthrough warning (bsc#1152489) - virtio_net: fix lockdep warning on 32 bit (networking-stable-20_05_16). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - wil6210: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - wil6210: add wil_netif_rx() helper function (bsc#1154353). - wil6210: use after free in wil_netif_rx_any() (bsc#1154353). - x86/amd_nb: Add AMD family 17h model 60h PCI IDs (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). - xhci: Poll for U0 after disabling USB2 LPM (git-fixes). - xhci: Return if xHCI does not support LPM (git-fixes). - xprtrdma: Fix handling of RDMA_ERROR replies (git-fixes). Important SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1155798 SUSE bug 1156395 SUSE bug 1158983 SUSE bug 1162702 SUSE bug 1167773 SUSE bug 1169094 SUSE bug 1170284 SUSE bug 1170617 SUSE bug 1171150 SUSE bug 1171529 SUSE bug 1171530 SUSE bug 1171732 SUSE bug 1172344 SUSE bug 1172543 SUSE bug 1172687 SUSE bug 1172871 SUSE bug 1173284 SUSE bug 1173514 SUSE bug 1173552 SUSE bug 1173573 SUSE bug 1173625 SUSE bug 1173746 SUSE bug 1173776 SUSE bug 1173817 SUSE bug 1173818 SUSE bug 1173820 SUSE bug 1173822 SUSE bug 1173823 SUSE bug 1173824 SUSE bug 1173825 SUSE bug 1173826 SUSE bug 1173827 SUSE bug 1173828 SUSE bug 1173830 SUSE bug 1173831 SUSE bug 1173832 SUSE bug 1173833 SUSE bug 1173834 SUSE bug 1173836 SUSE bug 1173837 SUSE bug 1173838 SUSE bug 1173839 SUSE bug 1173841 SUSE bug 1173843 SUSE bug 1173844 SUSE bug 1173845 SUSE bug 1173847 SUSE bug 1173860 SUSE bug 1173894 SUSE bug 1174018 SUSE bug 1174244 SUSE bug 1174345 CVE-2020-12771 CVE-2020-15393 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1173389 CVE-2020-11996 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for knot fixes the following issues: - CVE-2017-11104: Fixed an improper implementation of TSIG protocol which could have allowed an attacker with a valid key name and algorithm to bypass TSIG authentication (boo#1047841). Moderate SUSE bug 1047841 CVE-2017-11104 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for perl-YAML-LibYAML fixes the following issues: perl-YAML-LibYAML was updated to 0.69: [bsc#1173703] * Security fix: Add $LoadBlessed option to turn on/off loading objects: Default is set to true. Note that, the behavior is unchanged. * Clarify documentation about exported functions * Dump() was modifying original data, adding a PV to numbers * Support standard tags !!str, !!map and !!seq instead of dying. * Support JSON::PP::Boolean and boolean.pm via $YAML::XS::Boolean. * Fix regex roundtrip. Fix loading of many regexes. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1173703 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.13 fixes the following issues: - go1.13.14 (released 2020/07/16) includes fixes to the compiler, vet, and the database/sql, net/http, and reflect packages Refs bsc#1149259 go1.13 release tracking * go#39925 net/http: panic on misformed If-None-Match Header with http.ServeContent * go#39848 cmd/compile: internal compile error when using sync.Pool: mismatched zero/store sizes * go#39823 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386 in Go 1.14 and 1.13, not 1.15 * go#39697 reflect: panic from malloc after MakeFunc function returns value that is also stored globally * go#39561 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on linux-386-longtest builder because it tries to use an older version of dlv which only supports linux/amd64 * go#39538 net: TestDialParallel is flaky on windows-amd64-longtest * go#39287 cmd/vet: update for new number formats * go#40211 net/http: Expect 100-continue panics in httputil.ReverseProxy bsc#1174153 CVE-2020-15586 * go#40209 crypto/x509: Certificate.Verify method seemingly ignoring EKU requirements on Windows bsc#1174191 CVE-2020-14039 (Windows only) * go#38932 runtime: preemption in startTemplateThread may cause infinite hang * go#36689 go/types, math/big: data race in go/types due to math/big.Rat accessors unsafe for concurrent use - Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is not present bsc#1172868 gh#golang/go#35305 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1149259 SUSE bug 1169832 SUSE bug 1172868 SUSE bug 1174153 SUSE bug 1174191 CVE-2020-14039 CVE-2020-15586 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update fixes the following issues: dracut-saltboot: - Print a list of available disk devices (bsc#1170824) - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'have choice' build issues in OBS. + Rebase and update patches for version 2.18.0 - Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and 'Xs ago' duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update Uyuni/SUSE Manager service discovery patch + Adapt service discovery to the new Uyuni API endpoints + Modified spec file: force golang 1.12 to fix build issues in SLE15SP2 - Update to Prometheus 2.11.2 grafana: - Update to version 7.0.3 * Features / Enhancements - Stats: include all fields. #24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff * Bug fixes - Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian - Configuration: Fix env var override of sections containing hyphen. #25178, @marefr - Dashboard: Get panels in collapsed rows. #25079, @peterholmberg - Do not show alerts tab when alerting is disabled. #25285, @dprokop - Jaeger: fixes cascader option label duration value. #25129, @Estrax - Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo - Update to version 7.0.2 * Bug fixes - Security: Urgent security patch release to fix CVE-2020-13379 - Update to version 7.0.1 * Features / Enhancements - Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney - Download CSV: Add date and time formatting. #24992, @ryantxu - Table: Make last cell value visible when right aligned. #24921, @peterholmberg - TablePanel: Adding sort order persistance. #24705, @torkelo - Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg - Transformations: Allow custom number input for binary operations. #24752, @ryantxu * Bug fixes - Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani - Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani - Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark - DataLinks: Bring back variables interpolation in title. #24970, @dprokop - Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney - Explore/Table: Keep existing field types if possible. #24944, @kaydelaney - Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova - Explore: fix undo in query editor. #24797, @zoltanbedi - Explore: fix word break in type head info. #25014, @zoltanbedi - Graph: Legend decimals now work as expected. #24931, @torkelo - LoginPage: Fix hover color for service buttons. #25009, @tskarhed - LogsPanel: Fix scrollbar. #24850, @ivanahuckova - MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo - Organize transformer: Use display name in field order comparer. #24984, @dprokop - Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark - PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop - PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo - PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark - PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark - PanelMenu: Make menu disappear on button press. #25015, @tskarhed - Postgres: Fix add button. #25087, @phemmer - Prometheus: Fix recording rules expansion. #24977, @ivanahuckova - Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian - Update to version 7.0.0 * Breaking changes - Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin. - Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds. - Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10. - Datasource/Loki: Support for deprecated Loki endpoints has been removed. - Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information. - @grafana/ui: Forms migration notice, see @grafana/ui changelog - @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog + Deprecation warnings - Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059 - The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins. * Features / Enhancements - Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr - Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal - Loki: Allow multiple derived fields with the same name. #24437, @aocenas - Orgs: Add future deprecation notice. #24502, @torkelo * Bug Fixes - @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi - Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark - Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop - Dashboard: Fix for strange 'dashboard not found' errors when opening links in dashboard settings. #24416, @torkelo - Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn - Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo - Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg - Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop - Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet - Data source: Fixes async mount errors. #24579, @Estrax - Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1 - Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova - Explore: Fix rendering of react query editors. #24593, @ivanahuckova - Explore: Fixes loading more logs in logs context view. #24135, @Estrax - Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo - Graphite: Makes query annotations work again. #24556, @hugohaggmark - Logs: Clicking 'Load more' from context overlay doesn't expand log row. #24299, @kaydelaney - Logs: Fix total bytes process calculation. #24691, @davkal - Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet - Plugins: Fix manifest validation. #24573, @aknuds1 - Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist - Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed - Search: Save folder expanded state. #24496, @Clarity-89 - Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss - Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo - Table: Fixed persisting column resize for time series fields. #24505, @torkelo - Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark - Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn - Transformations: Make transform dropdowns not cropped. #24615, @dprokop - Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark - Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark - Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark - Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark - Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas - SAML: Switch from email to login for user login attribute mapping (Enterprise) - Update Makefile and spec file * Remove phantomJS patch from Makefile * Fix multiline strings in Makefile * Exclude s390 from SLE12 builds, golang 1.14 is not built for s390 - Add instructions for patching the Grafana javascript frontend. - BuildRequires golang(API) instead of go metapackage version range * BuildRequires: golang(API) >= 1.14 from BuildRequires: ( go >= 1.14 with go < 1.15 ) - Update to version 6.7.3 - This version fixes bsc#1170557 and its corresponding CVE-2020-12245 - Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin - Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark - AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken - Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg - Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan - DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo - Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh - Security: Fix annotation popup XSS vulnerability. #23813, @torkelo - Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1 - TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo - Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark - Update to version 6.7.2: (see installed changelog for the full list of changes) - BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo - Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop - DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn - Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn - Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo - Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo - Plugins: Expose promiseToDigest. #23249, @torkelo - Reporting (Enterprise): Fixes issue updating a report created by someone else - Update to 6.7.1: (see installed changelog for the full list of changes) Bug Fixes - Azure: Fixed dropdowns not showing current value. #22914, @torkelo - BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark - Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo - Reporting: fixes migrations compatibility with mysql (Enterprise) - Reporting: Reduce default concurrency limit to 4 (Enterprise) - Update to 6.7.0: (see installed changelog for the full list of changes) Bug Fixes - AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo - BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark - Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo - Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo - Rich History: UX adjustments and fixes. #22729, @ivanahuckova - Update to 6.7.0-beta1: Breaking changes - Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked. - Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338 - Notice about changes in backendSrv for plugin authors In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv. Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI. To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv. Bug Fixes API: Fix redirect issues. #22285, @papagian Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1 Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek BackendSrv: Fixes POST body for form data. #21714, @hugohaggmark CloudWatch: Credentials cache invalidation fix. #22473, @sunker CloudWatch: Expand alias variables when query yields no result. #22695, @sunker Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo StatPanel: Fixes base color is being used for null values . #22646, @torkelo - Update to version 6.6.2: (see installed changelog for the full list of changes) - Update to version 6.6.1: (see installed changelog for the full list of changes) - Update to version 6.6.0: (see installed changelog for the full list of changes) - Update to version 6.5.3: (see installed changelog for the full list of changes) - Update to version 6.5.2: (see installed changelog for the full list of changes) - Update to version 6.5.1: (see installed changelog for the full list of changes) - Update to version 6.5.0 (see installed changelog for the full list of changes) - Update to version 6.4.5: * Create version 6.4.5 * CloudWatch: Fix high CPU load (#20579) - Add obs-service-go_modules to download required modules into vendor.tar.gz - Adjusted spec file to use vendor.tar.gz - Adjusted Makefile to work with new filenames - BuildRequire go1.14 - Update to version 6.4.4: * DataLinks: Fix blur issues. #19883, @aocenas * Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson * LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen * LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson * Singlestat: Fix no data / null value mapping . #19951, @ryantxu - Revert the spec file and make script - Remove PhantomJS dependency - Update to 6.4.3 * Bug Fixes - Alerting: All notification channels should send even if one fails to send. #19807, @jan25 - AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas - ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal - DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop - DataLinks: Fix url field not releasing focus. #19804, @aocenas - Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas - Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark - Singlestat: Fixed issue with mapping null to text. #19689, @torkelo - @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop - @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang - Update to 6.4.2 * Bug Fixes - CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron - Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark - Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo - Graph: Switching to series mode should re-render graph. #19623, @torkelo - Loki: Fix autocomplete on label values. #19579, @aocenas - Loki: Removes live option for logs panel. #19533, @davkal - Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha - Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark - ShareQuery: Fixed issue when using -- Dashboard -- datasource (to share query result) when dashboard had rows. #19610, @torkelo - Show SAML login button if SAML is enabled. #19591, @papagian - SingleStat: Fixes postfix/prefix usage. #19687, @hugohaggmark - Table: Proper handling of json data with dataframes. #19596, @marefr - Units: Fixed wrong id for Terabits/sec. #19611, @andreaslangnevyjel - Changes from 6.4.1 * Bug Fixes - Provisioning: Fixed issue where empty nested keys in YAML provisioning caused a server crash, #19547 - ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise) - Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise). - Changes from 6.4.0 * Features / Enhancements - Build: Upgrade go to 1.12.10. #19499, @marefr - DataLinks: Suggestions menu improvements. #19396, @dprokop - Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova - Explore: Update broken link to logql docs. #19510, @ivanahuckova - Logs: Adds Logs Panel as a visualization. #19504, @davkal * Bug Fixes - CLI: Fix version selection for plugin install. #19498, @aocenas - Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo - Changes from 6.4.0 Beta 2 * Features / Enhancements - Azure Monitor: Remove support for cross resource queries (#19115)'. #19346, @sunker - Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr - Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo - grafana/toolkit: Add plugin creation task. #19207, @dprokop * Bug Fixes - Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark - Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm - Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz - Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo - Database: Rewrite system statistics query to perform better. #19178, @papagian - Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu - MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr - Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh - MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr - MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr - MySQL: Limit datasource error details returned from the backend. #19373, @marefr - Changes from 6.4.0 Beta 1 * Features / Enhancements - API: Readonly datasources should not be created via the API. #19006, @papagian - Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar - Annotations: Add annotations support to Loki. #18949, @aocenas - Annotations: Use a single row to represent a region. #17673, @ryantxu - Auth: Allow inviting existing users when login form is disabled. #19048, @548017 - Azure Monitor: Add support for cross resource queries. #19115, @sunker - CLI: Allow installing custom binary plugins. #17551, @aocenas - Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark - Dashboard: Reuse query results between panels . #16660, @ryantxu - Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod - DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu - DataLinks: Enable access to labels & field names. #18918, @torkelo - DataLinks: Enable multiple data links per panel. #18434, @dprokop - Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech - Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery - Explore: Add throttling when doing live queries. #19085, @aocenas - Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney - Explore: Reduce default time range to last hour. #18212, @davkal - Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu - Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal - Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian - InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code - LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh - Ldap: Add ldap debug page. #18759, @peterholmberg - Loki: Remove prefetching of default label values. #18213, @davkal - Metrics: Add failed alert notifications metric. #18089, @koorgoo - OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon - OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin - Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh - Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati - Plugins: better warning when plugins fail to load. #18671, @ryantxu - Postgres: Add support for scram sha 256 authentication. #18397, @nonamef - RemoteCache: Support SSL with Redis. #18511, @kylebrandt - SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu - Stackdriver: Add extra alignment period options. #18909, @sunker - Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon - Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar * Bug Fixes - Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian - Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt - Alerting: fix response popover prompt when add notification channels. #18967, @lzdw - CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger - Explore: Fix auto completion on label values for Loki. #18988, @aocenas - Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark - Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark - MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold - MSSQL: Fix memory leak when debug enabled. #19049, @briangann - Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt - TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark * Breaking changes + Annotations There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details. + Docker Grafana is now using Alpine 3.10 as docker base image. + HTTP API - GET /api/alert-notifications now requires at least editor access. New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user. - GET /api/alert-notifiers now requires at least editor access - GET /api/org/users now requires org admin role. New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins, admin in any folder or admin of any team. - GET /api/annotations no longer returns regionId property. - POST /api/annotations no longer supports isRegion property. - PUT /api/annotations/:id no longer supports isRegion property. - PATCH /api/annotations/:id no longer supports isRegion property. - DELETE /api/annotations/region/:id has been removed. * Deprecation notes + PhantomJS - PhantomJS, which is used for rendering images of dashboards and panels, is deprecated and will be removed in a future Grafana release. A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use. Please consider migrating from PhantomJS to the Grafana Image Renderer plugin. - Changes from 6.3.6 * Features / Enhancements - Metrics: Adds setting for turning off total stats metrics. #19142, @marefr * Bug Fixes - Database: Rewrite system statistics query to perform better. #19178, @papagian - Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney - Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors. - Add missing directories provisioning/datasources and provisioning/notifiers and sample.yaml as described in packaging/rpm/control from upstream. Missing directories are shown in logfiles. - Version 6.3.5 * Upgrades + Build: Upgrade to go 1.12.9. * Bug Fixes + Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties. + Editor: Fixes issue where only entire lines were being copied. + Explore: Fixes query field layout in splitted view for Safari browsers. + LDAP: multildap + ldap integration. + Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds. + Prometheus: Prevents panel editor crash when switching to Prometheus datasource. + Prometheus: Changes brace-insertion behavior to be less annoying. - Version 6.3.4 * Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use. - Version 6.3.3 * Bug Fixes + Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1 + Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3 + DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1 + DataLinks: Respect timezone when displaying datapoint’s timestamp in graph context menu. #18461 2, @dprokop 1 + DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1 + Explore: Fix loading error for empty queries. #18488 1, @davkal + Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2 + Graphite: Avoid glob of single-value array variables . #18420, @gotjosh + Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3 + Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2 + TimeSeries: Assume values are all numbers. #18540 4, @ryantxu - Version 6.3.2 * Bug Fixes + Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12 - Version 6.3.1 * Bug Fixes + PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2 - Version 6.3.0 * Features / Enhancements + OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3 + Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh + Build grafana images consistently. #18224 12, @hassanfarid + Docs: SAML. #18069 11, @gotjosh + Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas + TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2 + Alerting: Add tags to alert rules. #10989 13, @Thib17 1 + Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng + Alerting: Improve alert rule testing. #16286 2, @marefr + Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25 + Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1 + Auth: Allow expiration of API keys. #17678, @papagian 3 + Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1 + Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1 + AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1 + CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu + Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu + Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax + Data links. #17267 11, @torkelo 2 + Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066 5, @bergquist 1 + Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr + Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3 + Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2 + Explore: Adds support for new loki ‘start’ and ‘end’ params for labels endpoint. #17512, @kaydelaney 2 + Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2 + Explore: Allow switching between metrics and logs . #16959 2, @marefr + Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3 + Explore: Display log lines context . #17097, @dprokop 1 + Explore: Don’t parse log levels if provided by field or label. #17180 1, @marefr + Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2 + Explore: Support for new LogQL filtering syntax. #16674 4, @davkal + Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3 + Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1 + Graph: Added new fill gradient option. #17528 3, @torkelo 2 + GraphPanel: Don’t sort series when legend table & sort column is not visible . #17095, @shavonn 1 + InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3 + Logging: Login and Logout actions (#17760). #17883 1, @ATTron + Logging: Move log package to pkg/infra. #17023, @zhulongcheng + Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1 + MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd + MySQL: Add support for periodically reloading client certs. #14892, @tpetr + Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu + Prometheus: Take timezone into account for step alignment. #17477, @fxmiii + Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246 + Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA + Provisioning: Support folder that doesn’t exist yet in dashboard provisioning. #17407 1, @Nexucis + Refresh picker: Handle empty intervals. #17585 1, @dehrax + Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr + Snapshot: use given key and deleteKey. #16876, @zhulongcheng + Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev + Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad + Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway + Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin * Bug Fixes + PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax + OAuth: Fix “missing saved state” OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3 + cli: fix for recognizing when in dev mode… #18334, @xlson + DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2 + Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2 + PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson + TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2 + Timerange: Fixes a bug where custom time ranges didn’t respect UTC. #18248 1, @kaydelaney 2 + remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke + AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax + CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr + Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr + Explore: Fix browsing back to dashboard panel. #17061, @jschill + Explore: Fix filter by series level in logs graph. #17798, @marefr + Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr + Explore: Fix selection/copy of log lines. #17121, @marefr + Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas + Frontend: Fix for Json tree component not working. #17608, @srid12 + Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2 + Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2 + Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3 + HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25 + InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki + Prometheus: Correctly escape ‘|’ literals in interpolated PromQL variables. #16932, @Limess + Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi + SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri - Make phantomjs dependency configurable - Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and koan: - Calculate relative path for kernel and inited when generating grub entry (bsc#1170231) - Fix os-release version detection for SUSE mgr-cfg: - Remove commented code in test files - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Add mgr manpage links mgr-custom-info: - Bump version to 4.1.0 (bsc#1154940) mgr-daemon: - Bump version to 4.1.0 (bsc#1154940) - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Separate osa-dispatcher and jabberd so it can be disabled independently - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Move /usr/share/rhn/config-defaults to uyuni-base-common - Require uyuni-base-common for /etc/rhn (for osa-dispatcher) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-push: - Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) mgr-virtualization: - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Fix mgr-virtualization timer rhnlib: - Fix building - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) - Bump version to 4.1.0 (bsc#1154940) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group spacewalk-client-tools: - Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921) - Spell correctly 'successful' and 'successfully' - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) - Replace spacewalk-usix with uyuni-common-libs - Return a non-zero exit status on errors in rhn_check - Bump version to 4.1.0 (bsc#1154940) - Make a explicit requirement to systemd for spacewalk-client-tools when rhnsd timer is installed spacewalk-koan: - Bump version to 4.1.0 (bsc#1154940) - Require commands we use in merge-rd.sh spacewalk-oscap: - Bump version to 4.1.0 (bsc#1154940) spacewalk-remote-utils: - Update spacewalk-create-channel with RHEL 7.7 channel definitions - Bump version to 4.1.0 (bsc#1154940) supportutils-plugin-susemanager-client: - Bump version to 4.1.0 (bsc#1154940) suseRegisterInfo: - SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310) - Bump version to 4.1.0 (bsc#1154940) zypp-plugin-spacewalk: - 1.0.7 - Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1113160 SUSE bug 1138822 SUSE bug 1142038 SUSE bug 1148177 SUSE bug 1153090 SUSE bug 1153277 SUSE bug 1154940 SUSE bug 1154968 SUSE bug 1155372 SUSE bug 1163871 SUSE bug 1165921 SUSE bug 1168310 SUSE bug 1170231 SUSE bug 1170557 SUSE bug 1170824 SUSE bug 1171687 SUSE bug 1172462 CVE-2019-10215 CVE-2019-15043 CVE-2020-12245 CVE-2020-13379 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for qemu to version 4.2.1 fixes the following issues: - CVE-2020-10761: Fixed a denial of service in Network Block Device (nbd) support infrastructure (bsc#1172710). - CVE-2020-13800: Fixed a denial of service possibility in ati-vga emulation (bsc#1172495). - CVE-2020-13659: Fixed a null pointer dereference possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172386). - CVE-2020-13362: Fixed an OOB access possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172383). - CVE-2020-13361: Fixed an OOB access possibility in ES1370 audio device emulation (bsc#1172384). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1172383 SUSE bug 1172384 SUSE bug 1172386 SUSE bug 1172495 SUSE bug 1172710 CVE-2020-10761 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13800 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1174117 SUSE bug 1174121 CVE-2020-13934 CVE-2020-13935 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libraw fixes the following issues: - security update - added patches fix CVE-2020-15503 [bsc#1173674], lack of thumbnail size range check can lead to buffer overflow + libraw-CVE-2020-15503.patch This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1173674 CVE-2020-15503 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for claws-mail fixes the following issues: - Update to 3.17.6: * It is now possible to 'Inherit Folder properties and processing rules from parent folder' when creating new folders with the move message and copy message dialogues. * A Phishing warning is now shown when copying a phishing URL, (in addition to clicking a phishing URL). * The progress window when importing an mbox file is now more responsive. * A warning dialogue is shown if the selected privacy system is 'None' and automatic signing amd/or encrypting is enabled. * Python plugin: pkgconfig is now used to check for python2. This enables the Python plugin (which uses python2) to be built on newer systems which have both python2 and python3. - CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled (boo#1174457). Moderate SUSE bug 1174457 CVE-2020-15917 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for targetcli-fb fixes the following issues: - CVE-2020-13867: Fixed the permissions in /etc/target (bsc#1172743) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1172743 CVE-2020-13867 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174415 CVE-2020-15900 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 Chromium was updated to 84.0.4147.105 (boo#1174582): * CVE-2020-6537: Type Confusion in V8 * CVE-2020-6538: Inappropriate implementation in WebView * CVE-2020-6532: Use after free in SCTP * CVE-2020-6539: Use after free in CSS * CVE-2020-6540: Heap buffer overflow in Skia * CVE-2020-6541: Use after free in WebUSB Low SUSE bug 1174582 CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174538 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-rtslib-fb fixes the following issues: - Update to version v2.1.73 (bsc#1173257 CVE-2020-14019): * version 2.1.73 * save_to_file: fix fd open mode * saveconfig: copy temp configfile with permissions * saveconfig: open the temp configfile with modes set * Fix 'is not' with a literal SyntaxWarning * Fix an incorrect config path in two comments * version 2.1.72 * Do not change dbroot after drivers have been registered * Remove '_if_needed' from RTSRoot._set_dbroot()'s name Replacing old tarball with python-rtslib-fb-v2.1.73.tar.xz This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1173257 CVE-2020-14019 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer - Use grub_calloc for overflow check and return NULL when it would occur This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1168994 SUSE bug 1173812 SUSE bug 1174463 SUSE bug 1174570 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: - Update to version 70.0.3728.71 - DNA-86267 Make `Recently closed tabs` appearance consistent with `Search for open tabs`. - DNA-86988 Opera 70 translations - DNA-87530 Zen news leads not loading - DNA-87636 Fix displaying folder icon for closed windows in recently closed list - DNA-87682 Replace Extensions icon in toolbar with icon from sidebar - DNA-87756 Extend chrome.sessions.getRecentlyClosed with information about last active tab in window. - DNA-87778 Crash at opera::InstantSearchViewViews:: ~InstantSearchViewViews() - DNA-87815 Change affiliate links for AliExpress Search - Update to version 70.0.3728.59 - CHR-8010 Update chromium on desktop-stable-84-3728 to 84.0.4147.89 - DNA-87019 The video image does not respond to the pressing after closed the “Quit Opera?” dialog - DNA-87342 Fix right padding in settings > weather section - DNA-87427 Remove unneeded information from the requests’ diagnostics - DNA-87560 Crash at views::Widget::GetNativeView() - DNA-87561 Crash at CRYPTO_BUFFER_len - DNA-87599 Bypass VPN for default search engines doesn’t work - DNA-87611 Unittests fails on declarativeNetRequest and declarativeNetRequestFeedback permissions - DNA-87612 [Mac] Misaligned icon in address bar - DNA-87619 [Win/Lin] Misaligned icon in address bar - DNA-87716 [macOS/Windows] Crash when Search in tabs is open and Opera is minimised - DNA-87749 Crash at opera::InstantSearchSuggestionLineView:: SetIsHighlighted(bool) - The update to chromium 84.0.4147.89 fixes following issues: - CVE-2020-6510, CVE-2020-6511, CVE-2020-6512, CVE-2020-6513, CVE-2020-6514, CVE-2020-6515, CVE-2020-6516, CVE-2020-6517, CVE-2020-6518, CVE-2020-6519, CVE-2020-6520, CVE-2020-6521, CVE-2020-6522, CVE-2020-6523, CVE-2020-6524, CVE-2020-6525, CVE-2020-6526, CVE-2020-6527, CVE-2020-6528, CVE-2020-6529, CVE-2020-6530, CVE-2020-6531, CVE-2020-6533, CVE-2020-6534, CVE-2020-6535, CVE-2020-6536 - Complete Opera 70.0 changelog at: https://blogs.opera.com/desktop/changelog-for-70/ - Update to version 69.0.3686.77 - DNA-84207 New Yubikey enrollment is not working - DNA-87185 Lost translation - DNA-87382 Integrate scrolling to top of the feed with the existing scroll position restoration - DNA-87535 Sort out news on startpage state - DNA-87588 Merge “Prevent pointer from being sent in the clear over SCTP” to desktop-stable-83-3686 - Update to version 69.0.3686.57 - DNA-86682 Title case in Russian translation - DNA-86807 Title case in O69 BR Portuguese translation - DNA-87104 Right click context menu becomes scrollable sometimes - DNA-87376 Search in tabs opens significantly slower in O69 - DNA-87505 [Welcome Pages][Stats] Session stats for Welcome and Upgrade pages - DNA-87535 Sort out news on startpage state Moderate CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ark fixes the following issues: - Fixed a directory traversal bug (boo#1174773, CVE-2020-16116). Moderate SUSE bug 1174773 CVE-2020-16116 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: This update for MozillaFirefox and pipewire fixes the following issues: MozillaFirefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 pipewire was updated to version 0.3.6 (bsc#1171433, jsc#ECO-2308): * Extensive memory leak fixing and stress testing was done. A big leak in screen sharing with DMA-BUF was fixed. * Compile fixes * Stability improvements in jack and pulseaudio layers. * Added the old portal module to make the Camera portal work again. This will be moved to the session manager in future versions. * Improvements to the GStreamer source and sink shutdown. * Fix compatibility with v2 clients again when negotiating buffers. This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1171433 SUSE bug 1174538 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1172356 SUSE bug 1174543 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.8+10 (July 2020 CPU, bsc#1174157) * Security fixes: + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming + JDK-8233239, CVE-2020-14562: Enhance TIFF support + JDK-8233255: Better Swing Buttons + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236867, CVE-2020-14573: Enhance Graal interface handling + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238013: Enhance String writing + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240482: Improved WAV file playback + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling * Other changes: + JDK-6933331: (d3d/ogl) java.lang.IllegalStateException: Buffers have not been created + JDK-7124307: JSpinner and changing value by mouse + JDK-8022574: remove HaltNode code after uncommon trap calls + JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails + JDK-8040630: Popup menus and tooltips flicker with previous popup contents when first shown + JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) + JDK-8048215: [TESTBUG] java/lang/management/ManagementFactory/ThreadMXBeanProxy.java Expected non-null LockInfo + JDK-8051349: nsk/jvmti/scenarios/sampling/SP06/sp06t003 fails in nightly + JDK-8080353: JShell: Better error message on attempting to add default method + JDK-8139876: Exclude hanging nsk/stress/stack from execution with deoptimization enabled + JDK-8146090: java/lang/ref/ReachabilityFenceTest.java fails with -XX:+DeoptimizeALot + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8156207: Resource allocated BitMaps are often cleared unnecessarily + JDK-8159740: JShell: corralled declarations do not have correct source to wrapper mapping + JDK-8175984: ICC_Profile has un-needed, not-empty finalize method + JDK-8176359: Frame#setMaximizedbounds not working properly in multi screen environments + JDK-8183369: RFC unconformity of HttpURLConnection with proxy + JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT + JDK-8189861: Refactor CacheFind + JDK-8191169: java/net/Authenticator/B4769350.java failed intermittently + JDK-8191930: [Graal] emits unparseable XML into compile log + JDK-8193879: Java debugger hangs on method invocation + JDK-8196019: java/awt/Window/Grab/GrabTest.java fails on Windows + JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails + JDK-8198000: java/awt/List/EmptyListEventTest/EmptyListEventTest.java debug assert on Windows + JDK-8198001: java/awt/Menu/WrongParentAfterRemoveMenu/ /WrongParentAfterRemoveMenu.java debug assert on Windows + JDK-8198339: Test javax/swing/border/Test6981576.java is unstable + JDK-8200701: jdk/jshell/ExceptionsTest.java fails on Windows, after JDK-8198801 + JDK-8203264: JNI exception pending in PlainDatagramSocketImpl.c:740 + JDK-8203672: JNI exception pending in PlainSocketImpl.c + JDK-8203673: JNI exception pending in DualStackPlainDatagramSocketImpl.c:398 + JDK-8204834: Fix confusing 'allocate' naming in OopStorage + JDK-8205399: Set node color on pinned HashMap.TreeNode deletion + JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/ /RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure + JDK-8206179: com/sun/management/OperatingSystemMXBean/ /GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value + JDK-8207334: VM times out in VM_HandshakeAllThreads::doit() with RunThese30M + JDK-8208277: Code cache heap (-XX:ReservedCodeCacheSize) doesn't work with 1GB LargePages This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174157 CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.13 fixes the following issues: - go1.13 was updated to version 1.13.5 - CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1149259 SUSE bug 1174977 CVE-2020-16845 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for wireshark fixes the following issues: - Wireshark to 3.2.5: * CVE-2020-15466: GVCP dissector infinite loop (bsc#1173606) * CVE-2020-13164: NFS dissector crash (bsc#1171899) * CVE-2020-11647: The BACapp dissector could crash (bsc#1169063) - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.2.5.html This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1169063 SUSE bug 1171899 SUSE bug 1173606 CVE-2020-11647 CVE-2020-13164 CVE-2020-15466 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xrdp fixes the following issues: - Update to version 0.9.13.1 + This is a security fix release that includes fixes for the following local buffer overflow vulnerability (bsc#1173580): CVE-2020-4044 This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1173580 CVE-2020-4044 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1008644 CVE-2016-9180 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird fixes the following issues: - Updated to Mozilla Thunderbird 68.11: * Fixed various security issues (MFSA-2020-35, bsc#1174538). * Fixed CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker (bsc#1174538). * Fixed CVE-2020-6514: WebRTC data channel leaks internal address to peer (bsc#1174538). * Fixed CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture (bsc#1174538). * Fixed CVE-2020-15659: Memory safety bugs fixed in Thunderbird 68.11 (bsc#1174538). * Fixed a bug with FileLink attachments included as a link and file when added from a network drive via drag & drop (bmo#793118). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174538 CVE-2020-15652 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: - Chromium updated to 84.0.4147.125 (boo#1175085) * CVE-2020-6542: Use after free in ANGLE * CVE-2020-6543: Use after free in task scheduling * CVE-2020-6544: Use after free in media * CVE-2020-6545: Use after free in audio * CVE-2020-6546: Inappropriate implementation in installer * CVE-2020-6547: Incorrect security UI in media * CVE-2020-6548: Heap buffer overflow in Skia * CVE-2020-6549: Use after free in media * CVE-2020-6550: Use after free in IndexedDB * CVE-2020-6551: Use after free in WebXR * CVE-2020-6552: Use after free in Blink * CVE-2020-6553: Use after free in offline mode * CVE-2020-6554: Use after free in extensions * CVE-2020-6555: Out of bounds read in WebGL * Various fixes from internal audits, fuzzing and other initiatives - Disable wayland everywhere as it breaks headless and middle mouse copy everywhere: boo#1174497 boo#1175044 Important SUSE bug 1174497 SUSE bug 1175044 SUSE bug 1175085 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for firejail fixes the following issues: - CVE-2020-17367: The end-of-options separator -- was not handled correctly (boo#1174986). - CVE-2020-17368: An attacker who has control over the command line arguments could run arbitrary commands (boo#1174986). Moderate SUSE bug 1174986 CVE-2020-17367 CVE-2020-17368 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for hylafax+ fixes the following issues: Hylafax was updated to upstream version 7.0.3. Security issues fixed: - CVE-2020-15396: Secure temporary directory creation for faxsetup, faxaddmodem, and probemodem (boo#1173521). - CVE-2020-15397: Sourcing of files into binaries from user writeable directories (boo#1173519). Non-security issues fixed: * add UseSSLFax feature in sendfax, sendfax.conf, hyla.conf, and JobControl (31 Jul 2020) * be more resilient in listening for the Phase C carrier (30 Jul 2020) * make sure to return to command mode if HDLC receive times out (29 Jul 2020) * make faxmail ignore boundaries on parts other than multiparts (29 Jul 2020) * don't attempt to write zero bytes of data to a TIFF (29 Jul 2020) * don't ever respond to CRP with CRP (28 Jul 2020) * reset frame counter when a sender retransmits PPS for a previously confirmed ECM block (26 Jul 2020) * scrutinize PPM before concluding that the sender missed our MCF (23 Jul 2020) * fix modem recovery after SSL Fax failure (22, 26 Jul 2020) * ignore echo of PPR, RTN, CRP (10, 13, 21 Jul 2020) * attempt to handle NSF/CSI/DIS in Class 1 sending Phase D (6 Jul 2020) * run scripts directly rather than invoking them via a shell for security hardening (3-5 Jul 2020) * add senderFumblesECM feature (3 Jul 2020) * add support for PIN/PIP/PRI-Q/PPS-PRI-Q signals, add senderConfusesPIN feature, and utilize PIN for rare conditions where it may be helpful (2, 6, 13-14 Jul 2020) * add senderConfusesRTN feature (25-26 Jun 2020) * add MissedPageHandling feature (24 Jun 2020) * use and handle CFR in Phase D to retransmit Phase C (16, 23 Jun 2020) * cope with hearing echo of RR, CTC during Class 1 sending (15-17 Jun 2020) * fix listening for retransmission of MPS/EOP/EOM if it was received corrupt on the first attempt (15 Jun 2020) * don't use CRP when receiving PPS/PPM as some senders think we are sending MCF (12 Jun 2020) * add BR_SSLFAX to show SSL Fax in notify and faxinfo output (1 Jun 2020) * have faxinfo put units on non-standard page dimensions (28 May 2020) * improve error messages for JobHost connection errors (22 May 2020) * fix perpetual blocking of jobs when a job preparation fails, attempt to fix similar blocking problems for bad jobs in batches, and add 'unblock' faxconfig feature (21 May 2020) * ignore TCF if we're receiving an SSL Fax (31 Jan 2020) * fixes for build on FreeBSD 12.1 (31 Jan - 3 Feb 2020) Moderate SUSE bug 1173519 SUSE bug 1173521 CVE-2020-15396 CVE-2020-15397 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for postgresql, postgresql96, postgresql10, postgresql12 fixes the following issues: Postgresql12 was updated to 12.3 (bsc#1171924). - https://www.postgresql.org/about/news/2038/ - https://www.postgresql.org/docs/12/release-12-3.html - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema. Also changed in the postgresql wrapper package: - Bump version to 12.0.1, so that the binary packages also have a cut-point to conflict with. - Conflict with versions of the binary packages prior to the May 2020 update, because we changed the package layout at that point and need a clean cutover. - Bump package version to 12, but leave default at 10 for SLE-15 and SLE-15-SP1. postgresql11 was updated to 11.9: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/11/release-11-9.html - Pack the /usr/lib/postgresql symlink only into the main package. postgresql11 was updated to 11.8 (bsc#1171924). * https://www.postgresql.org/about/news/2038/ * https://www.postgresql.org/docs/11/release-11-8.html - Unify the spec file to work across all current PostgreSQL versions to simplify future maintenance. - Move from the 'libs' build flavour to a 'mini' package that will only be used inside the build service and not get shipped, to avoid confusion with the debuginfo packages (bsc#1148643). postgresql10 was updated to 10.13 (bsc#1171924). - https://www.postgresql.org/about/news/2038/ - https://www.postgresql.org/docs/10/release-10-13.html - Unify the spec file to work across all current PostgreSQL versions to simplify future maintenance. - Move from the 'libs' build flavour to a 'mini' package that will only be used inside the build service and not get shipped, to avoid confusion with the debuginfo packages (bsc#1148643). postgresql96 was updated to 9.6.19: * CVE-2020-14350, boo#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/9.6/release-9-6-19.html - Pack the /usr/lib/postgresql symlink only into the main package. - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema. - update to 9.6.18 (boo#1171924). https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/9.6/release-9-6-18.html - Unify the spec file to work across all current PostgreSQL versions to simplify future maintenance. - Move from the 'libs' build flavour to a 'mini' package that will only be used inside the build service and not get shipped, to avoid confusion with the debuginfo packages (boo#1148643). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1148643 SUSE bug 1171924 SUSE bug 1175193 SUSE bug 1175194 CVE-2020-14349 CVE-2020-14350 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. This update is signed with the new UEFI signing key for openSUSE. It contains rebuilds of all available KMP packages also rebuilt with the new UEFi signing key. (boo#1174543) The following security bugs were fixed: - CVE-2020-14356: A use after free vulnerability in cgroup BPF component was fixed (bsc#1175213). - CVE-2020-14331: A buffer over write in vgacon_scroll was fixed (bnc#1174205). - CVE-2020-16166: The Linux kernel allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c (bnc#1174757). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth? BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074). The following non-security bugs were fixed: - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work (git-fixes). - ACPICA: Dispatcher: add status checks (git-fixes). - ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes). - ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: asihpi: delete duplicated word (git-fixes). - ALSA: atmel: Remove invalid 'fall through' comments (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (git-fixes). - ALSA: echoaduio: Drop superfluous volatile modifier (git-fixes). - ALSA: echoaudio: Address bugs in the interrupt handling (git-fixes). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (git-fixes). - ALSA: echoaudio: Prevent races in calls to set_audio_format() (git-fixes). - ALSA: echoaudio: Prevent some noise on unloading the module (git-fixes). - ALSA: echoaudio: Race conditions around 'opencount' (git-fixes). - ALSA: echoaudio: re-enable IRQs on failure path (git-fixes). - ALSA: echoaudio: Remove redundant check (git-fixes). - ALSA: firewire: fix kernel-doc (git-fixes). - ALSA: hda: Add support for Loongson 7A1000 controller (git-fixes). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (git-fixes). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (git-fixes). - ALSA: hda: Enable sync-write operation as default for all controllers (git-fixes). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (git-fixes). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (git-fixes). - ALSA: hda/hdmi: Add quirk to force connectivity (git-fixes). - ALSA: hda/hdmi: Fix keep_power assignment for non-component devices (git-fixes). - ALSA: hda/hdmi: Use force connectivity quirk on another HP desktop (git-fixes). - ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL (jsc#SLE-13261). - ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL (jsc#SLE-13261). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes). - ALSA: hda/realtek: Fix add a 'ultra_low_power' function for intel reference board (alc256) (git-fixes). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (git-fixes). - ALSA: hda/realtek - Fixed HP right speaker no sound (git-fixes). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (git-fixes). - ALSA: hda/realtek - Fix unused variable warning (git-fixes). - ALSA: hda/realtek - fixup for yet another Intel reference board (git-fixes). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (git-fixes). - ALSA: hda - reverse the setting value in the micmute_led_set (git-fixes). - ALSA: hda/tegra: Disable sync-write operation (git-fixes). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa: delete repeated words in comments (git-fixes). - ALSA: isa/gus: remove 'set but not used' warning (git-fixes). - ALSA: isa/gus: remove -Wmissing-prototypes warnings (git-fixes). - ALSA: line6: add hw monitor volume control for POD HD500 (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: line6: Sync the pending work cancel at disconnection (git-fixes). - ALSA: line6: Use kmemdup in podhd_set_monitor_level() (git-fixes). - ALSA: pci/asihpi: fix kernel-doc (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warning (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warnings (git-fixes). - ALSA: pci/au88x0: remove 'defined but not used' warnings (git-fixes). - ALSA: pci/aw2-saa7146: remove 'set but not used' warning (git-fixes). - ALSA: pci/ctxfi/ctatc: fix kernel-doc (git-fixes). - ALSA: pci/ctxfi: fix kernel-doc warnings (git-fixes). - ALSA: pci: delete repeated words in comments (git-fixes). - ALSA: pci/echoaudio: remove 'set but not used' warning (git-fixes). - ALSA: pci/emu10k1: remove 'set but not used' warning (git-fixes). - ALSA: pci/es1938: remove 'set but not used' warning (git-fixes). - ALSA: pci/fm801: fix kernel-doc (git-fixes). - ALSA: pci/korg1212: remove 'set but not used' warnings (git-fixes). - ALSA: pci/oxygen/xonar_wm87x6: remove always true condition (git-fixes). - ALSA: pci/rme9652/hdspm: remove always true condition (git-fixes). - ALSA: pci/via82xx: remove 'set but not used' warnings (git-fixes). - ALSA: pcmcia/pdaudiocf: fix kernel-doc (git-fixes). - ALSA: seq: oss: Serialize ioctls (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2 (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: add startech usb audio dock name (git-fixes). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (git-fixes). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (git-fixes). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (git-fixes). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (git-fixes). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: Fix some typos (git-fixes). - ALSA: usb-audio: fix spelling mistake 'buss' -> 'bus' (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb/line6: remove 'defined but not used' warning (git-fixes). - ALSA: vx_core: remove warning for empty loop body (git-fixes). - ALSA: xen: remove 'set but not used' warning (git-fixes). - ALSA: xen: Remove superfluous fall through comments (git-fixes). - apparmor: ensure that dfa state tables have entries (git-fixes). - apparmor: fix introspection of of task mode for unconfined tasks (git-fixes). - apparmor: Fix memory leak of profile proxy (git-fixes). - apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes). - apparmor: remove useless aafs_create_symlink (git-fixes). - appletalk: Fix atalk_proc_init() return path (git-fixes). - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (bsc#1175180). - arm64: cacheflush: Fix KGDB trap detection (bsc#1175188). - arm64: csum: Fix handling of bad packets (bsc#1175192). - arm64: dts: allwinner: a64: Remove unused SPDIF sound card (none bsc#1175016). - arm64: dts: clearfog-gt-8k: set gigabit PHY reset deassert delay (bsc#1175347). - arm64: dts: exynos: Fix silent hang after boot on Espresso (bsc#1175346). - arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range (none bsc#1175019). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bsc#1175345). - arm64: dts: librem5-devkit: add a vbus supply to usb0 (none bsc#1175013). - arm64: dts: ls1028a: delete extraneous #interrupt-cells for ENETC RCIE (none bsc#1175012). - arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id (bsc#1174398). - arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode (bsc#1174398). - arm64: dts: qcom: msm8998-clamshell: Fix label on l15 regulator (git-fixes). - arm64: dts: rockchip: fix rk3399-puma gmac reset gpio (none bsc#1175021). - arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio (none bsc#1175020). - arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy (none bsc#1175015). - arm64: dts: rockchip: Replace RK805 PMIC node name with 'pmic' on rk3328 boards (none bsc#1175014). - arm64: dts: uDPU: fix broken ethernet (bsc#1175344). - arm64: dts: uniphier: Set SCSSI clock and reset IDs for each channel (none bsc#1175011). - arm64: errata: use arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: Fix PTRACE_SYSEMU semantics (bsc#1175185). - arm64: fix the flush_icache_range arguments in machine_kexec (bsc#1175184). - arm64: hugetlb: avoid potential NULL dereference (bsc#1175183). - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (bsc#1175189). - arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1175186). - arm64: kexec_file: print appropriate variable (bsc#1175187). - arm64: kgdb: Fix single-step exception handling oops (bsc#1175191). - arm64: Retrieve stolen time as paravirtualized guest (bsc#1172197 jsc#SLE-13593). - arm64: Retrieve stolen time as paravirtualized guest (bsc#1172197 jsc#SLE-13593). - arm64: tegra: Enable I2C controller for EEPROM (none bsc#1175010). - arm64: tegra: Fix ethernet phy-mode for Jetson Xavier (none bsc#1175017). - arm64: tegra: Fix flag for 64-bit resources in 'ranges' property (none bsc#1175018). - arm64: tegra: Fix Tegra194 PCIe compatible string (none bsc#1175009). - arm64: vdso: Add -fasynchronous-unwind-tables to cflags (bsc#1175182). - arm64: vdso: do not free unallocated pages (bsc#1175181). - arm/arm64: Make use of the SMCCC 1.1 wrapper (bsc#1174906). - arm/arm64: Provide a wrapper for SMCCC 1.1 calls (bsc#1174906). - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (bsc#1174906). - ARM: percpu.h: fix build error (git-fixes). - arm: spectre-v2: use arm_smccc_1_1_get_conduit() (bsc#1174906). - ASoC: codecs: max98373: Removed superfluous volume control from chip default (git-fixes). - ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend (git-fixes). - ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK (git-fixes). - ASoC: hdac_hda: fix deadlock after PCM open error (git-fixes). - ASoC: Intel: bxt_rt298: add missing .owner field (git-fixes). - ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes). - ASoC: meson: axg-tdmin: fix g12a skew (git-fixes). - ASoC: meson: axg-tdm-interface: fix link fmt setup (git-fixes). - ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback (git-fixes). - ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes). - ASoC: rt286: fix unexpected interrupt happens (git-fixes). - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5682: Report the button event in the headset type only (git-fixes). - ASoC: SOF: nocodec: add missing .owner field (git-fixes). - ASoC: topology: fix kernel oops on route addition error (git-fixes). - ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes). - ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes). - ASoC: wm8974: remove unsupported clock mode (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - ath10k: enable transmit data ack RSSI for QCA9884 (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix regression with Atheros 9271 (git-fixes). - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - blk-mq: consider non-idle request as 'inflight' in blk_mq_rq_inflight() (bsc#1165933). - Bluetooth: btmtksdio: fix up firmware download sequence (git-fixes). - Bluetooth: btusb: fix up firmware download sequence (git-fixes). - Bluetooth: fix kernel oops in store_pending_adv_report (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (git-fixes). - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes). - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags (git-fixes). - Bluetooth: hci_serdev: Only unregister device if it was registered (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (git-fixes). - bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274). - bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274). - bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518). - bpf: Fix map leak in HASH_OF_MAPS map (bsc#1155518). - bpfilter: fix up a sparse annotation (bsc#1155518). - bpfilter: Initialize pos variable (bsc#1155518). - bpfilter: reject kernel addresses (bsc#1155518). - bpfilter: switch to kernel_write (bsc#1155518). - bpf: net: Avoid copying sk_user_data of reuseport_array during sk_clone (bsc#1155518). - bpf: net: Avoid incorrect bpf_sk_reuseport_detach call (bsc#1155518). - brcmfmac: Set timeout value when configuring power save (bsc#1173468). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - bridge: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes). - btmrvl: Fix firmware filename for sd8977 chipset (git-fixes). - btmrvl: Fix firmware filename for sd8997 chipset (git-fixes). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: avoid unnecessary splits when setting bits on an extent io tree (bsc#1175377). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: delete the ordered isize update code (bsc#1175377). - btrfs: do not set path->leave_spinning for truncate (bsc#1175377). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof (bsc#1175377). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix lost i_size update after cloning inline extent (bsc#1175377). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix race between shrinking truncate and fiemap (bsc#1175377). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: introduce per-inode file extent tree (bsc#1175377). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: move extent_io_tree defs to their own header (bsc#1175377). - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range (bsc#1175263). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Remove delalloc_end argument from extent_clear_unlock_delalloc (bsc#1175149). - btrfs: Remove leftover of in-band dedupe (bsc#1175149). - btrfs: remove unnecessary delalloc mutex for inodes (bsc#1175377). - btrfs: Rename btrfs_join_transaction_nolock (bsc#1175377). - btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1175377). - btrfs: separate out the extent io init function (bsc#1175377). - btrfs: separate out the extent leak code (bsc#1175377). - btrfs: trim: fix underflow in trim length to prevent access beyond device boundary (bsc#1175263). - btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1175377). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: use the file extent tree infrastructure (bsc#1175377). - bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - clk: actions: Fix h_clk for Actions S500 SoC (git-fixes). - clk: at91: clk-generated: check best_rate against ranges (git-fixes). - clk: at91: clk-generated: continue if __clk_determine_rate() returns error (git-fixes). - clk: at91: sam9x60: fix main rc oscillator frequency (git-fixes). - clk: at91: sam9x60-pll: check fcore against ranges (git-fixes). - clk: at91: sam9x60-pll: use logical or for range check (git-fixes). - clk: at91: sckc: register slow_rc with accuracy option (git-fixes). - clk: bcm2835: Do not use prediv with bcm2711's PLLs (bsc#1174865). - clk: bcm63xx-gate: fix last clock availability (git-fixes). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (git-fixes). - clk: iproc: round clock rate to the closest (git-fixes). - clk: qcom: gcc-sdm660: Add missing modem reset (git-fixes). - clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk (git-fixes). - clk: rockchip: Revert 'fix wrong mmc sample phase shift for rk3328' (git-fixes). - clk: scmi: Fix min and max rate when registering clocks with discrete rates (git-fixes). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - crc-t10dif: Fix potential crypto notify dead-lock (git-fixes). - crypto: caam - Fix argument type in handle_imx6_err005766 (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: ccree - fix resource leak on error path (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: hisilicon - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - dccp: Fix possible memleak in dccp_init and dccp_fini (networking-stable-20_06_16). - Delete patches.suse/apparmor-Fix-memory-leak-of-profile-proxy.patch (bsc#1174627) - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - devlink: ignore -EOPNOTSUPP errors on dumpit (bsc#1154353). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: remove BUG() before panic() (git-fixes). - dmaengine: dmatest: stop completed threads when running without set channel (git-fixes). - dmaengine: dw: Initialize channel before each transfer (git-fixes). - dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu (git-fixes). - dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes). - dmaengine: ioat setting ioat timeout as module parameter (git-fixes). - dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler (git-fixes). - dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes). - dmaengine: tegra210-adma: Fix runtime PM imbalance on error (git-fixes). - dm: do not use waitqueue for request-based DM (bsc#1165933). - docs: fix memory.low description in cgroup-v2.rst (git-fixes). (SLE documentation might refer to cgroup-v2.rst.) - dpaa_eth: FMan erratum A050385 workaround (bsc#1174396). - dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396). - drbd: Remove uninitialized_var() usage (git-fixes). - driver core: Avoid binding drivers to dead devices (git-fixes). - drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() (git-fixes). - drivers/net/wan: lapb: Corrected the usage of skb_cow (git-fixes). - drm/amd/display: Clear dm_state for fast updates (git-fixes). - drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() (git-fixes). - drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes). - drm/amdgpu/display: use blanked rather than plane state for sync (bsc#1152489) * refreshed for context changes * protect code with CONFIG_DRM_AMD_DC_DCN2_0 - drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (git-fixes). - drm/amdgpu: fix preemption unit test (git-fixes). - drm/amdgpu/gfx10: fix race condition for kiq (git-fixes). - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes). - drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes). - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472) - drm/amd/powerplay: fix a crash when overclocking Vega M (git-fixes). - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1152472) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers (git-fixes). - drm/bridge: ti-sn65dsi86: Do not use kernel-doc comment for local array (git-fixes). - drm/bridge: ti-sn65dsi86: Fix off-by-one error in clock choice (bsc#1152489) * refreshed for context changes - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1152472) * move drm_mipi_dbi.c -> tinydrm/mipi-dbi.c - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/exynos: fix ref count leak in mic_pre_enable (git-fixes). - drm/exynos: Properly propagate return value in drm_iommu_attach_device() (git-fixes). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (git-fixes). - drm/gem: Fix a leak in drm_gem_objects_lookup() (git-fixes). - drm: hold gem reference until object is no longer accessed (git-fixes). - drm/i915: Actually emit the await_start (bsc#1174737). - drm/i915: Copy across scheduler behaviour flags across submit fences (bsc#1174737). - drm/i915: Do not poison i915_request.link on removal (bsc#1174737). - drm/i915: Drop no-semaphore boosting (bsc#1174737). - drm/i915: Eliminate the trylock for awaiting an earlier request (bsc#1174737). - drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489) * context changes - drm/i915: Flush execution tasklets before checking request status (bsc#1174737). - drm/i915: Flush tasklet submission before sleeping on i915_request_wait (bsc#1174737). - drm/i915/gt: Close race between engine_park and intel_gt_retire_requests (git-fixes). - drm/i915/gt: Flush submission tasklet before waiting/retiring (bsc#1174737). - drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes). - drm/i915/gt: Move new timelines to the end of active_list (git-fixes). - drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489) * context changes - drm/i915/gt: Unlock engine-pm after queuing the kernel context switch (git-fixes). - drm/i915: Ignore submit-fences on the same timeline (bsc#1174737). - drm/i915: Improve the start alignment of bonded pairs (bsc#1174737). - drm/i915: Keep track of request among the scheduling lists (bsc#1174737). - drm/i915: Lock signaler timeline while navigating (bsc#1174737). - drm/i915: Mark i915_request.timeline as a volatile, rcu pointer (bsc#1174737). - drm/i915: Mark racy read of intel_engine_cs.saturated (bsc#1174737). - drm/i915: Mark up unlocked update of i915_request.hwsp_seqno (bsc#1174737). - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#1152489) * context changes - drm/i915: Peel dma-fence-chains for await (bsc#1174737). - drm/i915: Prevent using semaphores to chain up to external fences (bsc#1174737). - drm/i915: Protect i915_request_await_start from early waits (bsc#1174737). - drm/i915: Pull waiting on an external dma-fence into its routine (bsc#1174737). - drm/i915: Rely on direct submission to the queue (bsc#1174737). - drm/i915: Remove wait priority boosting (bsc#1174737). - drm/i915: Reorder await_execution before await_request (bsc#1174737). - drm/i915: Return early for await_start on same timeline (bsc#1174737). - drm/i915: Use EAGAIN for trylock failures (bsc#1174737). - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/ingenic: Fix incorrect assumption about plane->index (bsc#1152489) * refreshed for context changes - drm: mcde: Fix display initialization problem (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/dpu: allow initialization of encoder locks during encoder init (git-fixes). - drm/msm: fix potential memleak in error branch (git-fixes). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (git-fixes). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (git-fixes). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (git-fixes). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: fix double free (git-fixes). - drm/stm: repair runtime power management (git-fixes). - drm: sun4i: hdmi: Fix inverted HPD result (git-fixes). - drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes). - drm/tegra: hub: Do not enable orphaned window group (git-fixes). - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1152489) * refreshed for context changes - drm/vmwgfx: Fix two list_for_each loop exit tests (git-fixes). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (git-fixes). - exfat: add missing brelse() calls on error paths (git-fixes). - exfat: fix incorrect update of stream entry in __exfat_truncate() (git-fixes). - exfat: fix memory leak in exfat_parse_param() (git-fixes). - exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes). - fbdev: Detect integer underflow at 'struct fbcon_ops'->clear_margins (git-fixes). - firmware: arm_scmi: Fix SCMI genpd domain probing (git-fixes). - firmware: arm_scmi: Keep the discrete clock rates sorted (git-fixes). - firmware: arm_sdei: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: Fix a reference count leak (git-fixes). - firmware_loader: fix memory leak for paged buffer (bsc#1175367). - firmware/psci: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: smccc: Add ARCH_SOC_ID support (bsc#1174906). - firmware: smccc: Add function to fetch SMCCC version (bsc#1174906). - firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (bsc#1174906). - firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (bsc#1174906). - firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (bsc#1174906). - firmware: smccc: Refactor SMCCC specific bits into separate file (bsc#1174906). - firmware: smccc: Update link to latest SMCCC specification (bsc#1174906). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config file - fuse: copy_file_range should truncate cache (git-fixes). - fuse: fix copy_file_range cache issues (git-fixes). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175176). - fuse: fix weird page warning (bsc#1175175). - geneve: fix an uninitialized value in geneve_changelink() (git-fixes). - genirq/affinity: Improve __irq_build_affinity_masks() (bsc#1174897 ltc#187090). - genirq/affinity: Remove const qualifier from node_to_cpumask argument (bsc#1174897 ltc#187090). - genirq/affinity: Spread vectors on node according to nr_cpu ratio (bsc#1174897 ltc#187090). - gfs2: Another gfs2_find_jhead fix (bsc#1174824). - gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0 (bsc#1174825). - go7007: add sanity checking for endpoints (git-fixes). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: arizona: put pm_runtime in case of failure (git-fixes). - gpio: max77620: Fix missing release of interrupt (git-fixes). - gpio: pca953x: disable regmap locking for automatic address incrementing (git-fixes). - gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes). - gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2 (git-fixes). - gpu: host1x: Detach driver on unregister (git-fixes). - habanalabs: increase timeout during reset (git-fixes). - HID: alps: support devices with report id 2 (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override (git-fixes). - HID: logitech-hidpp: avoid repeated 'multiplier = ' log messages (git-fixes). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes). - HID: quirks: Ignore Simply Automated UPB PIM (git-fixes). - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver (git-fixes). - HID: steam: fixes race in handling device list (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - hwmon: (adm1275) Make sure we are reading enough data for different chips (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (git-fixes). - hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D (git-fixes). - hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() (git-fixes). - hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes). - i2c: also convert placeholder function to return errno (git-fixes). - i2c: eg20t: Load module automatically if ID matches (git-fixes). - i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes). - i2c: iproc: fix race between client unreg and isr (git-fixes). - i2c: rcar: always clear ICSAR to avoid side effects (git-fixes). - i2c: rcar: avoid race when unregistering slave (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (git-fixes). - i2c: slave: add sanity check when unregistering (git-fixes). - i2c: slave: improve sanity check when registering (git-fixes). - i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes). - i40iw: fix null pointer dereference on a null wqe pointer (git-fixes). - i40iw: Report correct firmware version (git-fixes). - IB/cma: Fix ports memory leak in cma_configfs (git-fixes). - IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - IB/hfi1: Ensure pq is not left on waitlist (git-fixes). - IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411). - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (git-fixes). - IB/hfi1: Fix module use count flaw due to leftover module put calls (bsc#1174407). - IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes). - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (git-fixes). - IB/mad: Fix use after free when destroying MAD agent (git-fixes). - IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes). - IB/mlx5: Fix 50G per lane indication (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (git-fixes). - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads (git-fixes). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes). - IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes). - IB/rdmavt: Delete unused routine (git-fixes). - IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (bsc#1174770). - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes). - ide: Remove uninitialized_var() usage (git-fixes). - ieee802154: fix one possible memleak in adf7242_probe (git-fixes). - iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' (git-fixes). - iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (git-fixes). - iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes). - iio:humidity:hts221 Fix alignment and data leak issues (git-fixes). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes). - iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (git-fixes). - iio:pressure:ms5611 Fix buffer element alignment (git-fixes). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes). - Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes). - Input: elan_i2c - only increment wakeup count on touch (git-fixes). - Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes). - Input: mms114 - add extra compatible for mms345l (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - integrity: remove redundant initialization of variable ret (git-fixes). - intel_th: Fix a NULL dereference when hub driver is not loaded (git-fixes). - intel_th: pci: Add Emmitsburg PCH support (git-fixes). - intel_th: pci: Add Jasper Lake CPU support (git-fixes). - intel_th: pci: Add Tiger Lake PCH-H support (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - iommu/arm-smmu-v3: Do not reserve implementation defined register space (bsc#1174126). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127). - iommu/vt-d: Update scalable mode paging structure coherency (bsc#1174128). - ionic: centralize queue reset code (bsc#1167773). - ionic: fix up filter locks and debug msgs (bsc#1167773). - ionic: keep rss hash after fw update (bsc#1167773). - ionic: unlock queue mutex in error path (bsc#1167773). - ionic: update filter id after replay (bsc#1167773). - ionic: update the queue count on open (bsc#1167773). - ionic: use mutex to protect queue operations (bsc#1167773). - ionic: use offset for ethtool regs data (bsc#1167773). - irqchip/gic: Atomically update affinity (bsc#1175195). - kabi fix for SUNRPC-dont-update-timeout-value-on-connection-reset.patch (bsc1174263). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kABI: restore signature of xfrm_policy_bysel_ctx() and xfrm_policy_byid() (bsc#1174645). - kABI workaround for enum cpuhp_state (git-fixes). - kABI workaround for struct kvm_device (git-fixes). Just change an variable to 'const' type in kvm_device. - kABI workaround for struct kvm_vcpu_arch (git-fixes). - kernel.h: remove duplicate include of asm/div64.h (git-fixes). - keys: asymmetric: fix error return code in software_key_query() (git-fixes). - kobject: Avoid premature parent object freeing in kobject_cleanup() (git-fixes). - KVM: Allow kvm_device_ops to be const (bsc#1172197 jsc#SLE-13593). - KVM: Allow kvm_device_ops to be const (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Annotate hyp NMI-related functions as __always_inline (bsc#1175190). - KVM: arm64: Correct PSTATE on exception entry (bsc#1133021). - KVM: arm64: Document PV-time interface (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Document PV-time interface (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Fix 32bit PC wrap-around (bsc#1133021). - KVM: arm64: Implement PV_TIME_FEATURES call (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Implement PV_TIME_FEATURES call (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts (bsc#1133021). - KVM: arm64: Provide VCPU attributes for stolen time (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Provide VCPU attributes for stolen time (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Select TASK_DELAY_ACCT+TASKSTATS rather than SCHEDSTATS (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Select TASK_DELAY_ACCT+TASKSTATS rather than SCHEDSTATS (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR (bsc#1133021). - KVM: arm64: Support stolen time reporting via shared structure (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Support stolen time reporting via shared structure (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Use the correct timer structure to access the physical counter (bsc#1133021). - KVM: arm/arm64: Correct AArch32 SPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Correct CPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Factor out hypercall handling from PSCI code (bsc#1172197 jsc#SLE-13593). - KVM: arm/arm64: Factor out hypercall handling from PSCI code (bsc#1172197 jsc#SLE-13593). - KVM: arm: vgic: Fix limit condition when writing to GICD_IACTIVER (bsc#1133021). - KVM: Implement kvm_put_guest() (bsc#1172197 jsc#SLE-13593). - KVM: nVMX: always update CR3 in VMCS (git-fixes). - KVM: Play nice with read-only memslots when querying host page size (bsc#1133021). - KVM: s390: Remove false WARN_ON_ONCE for the PQAP instruction (bsc#1133021). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: gpio: Fix semantic error (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: lm36274: fix use-after-free on unbind (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - libbpf: Wrap source argument of BPF_CORE_READ macro in parentheses (bsc#1155518). - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() (bsc#1174331). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - locktorture: Print ratio of acquisitions, not failures (bsc#1149032). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: fix misplaced while instead of if (git-fixes). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: cxusb-analog: fix V4L2 dependency (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: marvell-ccic: Add missed v4l2_async_notifier_cleanup() (git-fixes). - media: media-request: Fix crash if memory allocation fails (git-fixes). - media: nuvoton-cir: remove setting tx carrier functions (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: sur40: Remove uninitialized_var() usage (git-fixes). - media: vsp1: dl: Fix NULL pointer dereference on unbind (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602). - mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#1154488). - mlxsw: core: Use different get_trend() callbacks for different thermal zones (networking-stable-20_06_10). - mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (git-fixes). - mm: Fix protection usage propagation (bsc#1174002). - mm/mmap.c: close race between munmap() and expand_upwards()/downwards() (bsc#1174527). - mtd: properly check all write ioctls for permissions (git-fixes). - mtd: rawnand: fsl_upm: Remove unused mtd var (git-fixes). - mtd: rawnand: qcom: avoid write to unavailable register (git-fixes). - mwifiex: Fix firmware filename for sd8977 chipset (git-fixes). - mwifiex: Fix firmware filename for sd8997 chipset (git-fixes). - mwifiex: Prevent memory corruption handling keys (git-fixes). - nbd: Fix memory leak in nbd_add_socket (git-fixes). - ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net/bpfilter: Initialize pos in __bpfilter_process_sockopt (bsc#1155518). - net/bpfilter: split __bpfilter_process_sockopt (bsc#1155518). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - netdevsim: fix unbalaced locking in nsim_create() (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid memory access violation by validating req_id properly (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix continuous keep-alive resets (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net_failover: fixed rollback in net_failover_open() (networking-stable-20_06_10). - netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c (bsc#1171857). - netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c (bsc#1171857). - netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers (bsc#1171857). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fsl/fman: treat all RGMII modes in memac_adjust_link() (bsc#1174398). - net: hns3: check reset pending after FLR prepare (bsc#1154353). - net: hns3: fix error handling for desc filling (git-fixes). - net: hns3: fix for not calculating TX BD send size correctly (git-fixes). - net: hns3: fix return value error when query MAC link status fail (git-fixes). - net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() (bsc#1154353). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: lan78xx: replace bogus endpoint lookup (git-fixes). - net: macb: call pm_runtime_put_sync on failure path (git-fixes). - net/mlx5: drain health workqueue in case of driver load error (networking-stable-20_06_16). - net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash (jsc#SLE-8464). - net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash (jsc#SLE-8464). - net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (jsc#SLE-8464). - net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (jsc#SLE-8464). - net/mlx5e: Fix repeated XSK usage on one channel (networking-stable-20_06_16). - net/mlx5e: Fix VXLAN configuration restore after function reload (jsc#SLE-8464). - net/mlx5e: Fix VXLAN configuration restore after function reload (jsc#SLE-8464). - net/mlx5: E-switch, Destroy TSAR when fail to enable the mode (jsc#SLE-8464). - net/mlx5: E-switch, Destroy TSAR when fail to enable the mode (jsc#SLE-8464). - net/mlx5: Fix fatal error handling during device load (networking-stable-20_06_16). - net: phy: Check harder for errors in get_phy_id() (git-fixes). - net: phy: fix memory leak in device-create error path (git-fixes). - net: phy: realtek: add support for configuring the RX delay on RTL8211F (bsc#1174398). - net, sk_msg: Clear sk_user_data pointer on clone if tagged (bsc#1155518). - net, sk_msg: Do not use RCU_INIT_POINTER on sk_user_data (bsc#1155518). - net/smc: fix restoring of fallback changes (git-fixes). - net: stmmac: do not attach interface until resume finishes (bsc#1174072). - net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072). - net: stmmac: dwc-qos: use generic device api (bsc#1174072). - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac v5.10a (networking-stable-20_06_07). - net: stmmac: platform: fix probe for ACPI devices (bsc#1174072). - net/tls: fix encryption error checking (git-fixes). - net/tls: free record only on encryption error (git-fixes). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - nfp: flower: fix used time of merge flow statistics (networking-stable-20_06_07). - NFS: Fix interrupted slots by sending a solo SEQUENCE operation (bsc#1174264). - NTB: Fix static check warning in perf_clear_test (git-fixes). - NTB: Fix the default port and peer numbers for legacy drivers (git-fixes). - ntb: hw: remove the code that sets the DMA mask (git-fixes). - NTB: ntb_pingpong: Choose doorbells based on port number (git-fixes). - NTB: ntb_test: Fix bug when counting remote files (git-fixes). - NTB: ntb_tool: reading the link file should not end in a NULL byte (git-fixes). - NTB: perf: Do not require one more memory window than number of peers (git-fixes). - NTB: perf: Fix race condition when run with ntb_test (git-fixes). - NTB: perf: Fix support for hardware that does not have port numbers (git-fixes). - ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes). - NTB: Revert the change to use the NTB device dev for DMA allocations (git-fixes). - ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (git-fixes). - ovl: inode reference leak in ovl_is_inuse true case (git-fixes). - padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes). - padata: kABI fixup for struct padata_instance splitting nodes (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register (git-fixes). - PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix runtime PM imbalance on error (git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - PCI: tegra: Revert tegra124 raw_violation_fixup (git-fixes). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1174332). - phy: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes). - phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY (git-fixes). - phy: renesas: rcar-gen3-usb2: move irq registration to init (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/chrome: cros_ec_ishtp: Fix a double-unlock issue (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: ISST: Increase timeout (bsc#1174185). - PM: wakeup: Show statistics for deleted wakeup sources again (git-fixes). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc: Document details on H_SCM_HEALTH hcall (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/papr_scm: Add support for fetching nvdimm 'fuel-gauge' metric (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm health information from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm performance stats from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Mark papr_scm_ndctl() as static (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (git-fixes). - qed: suppress false-positives interrupt error messages on HW init (git-fixes). - r8169: fix jumbo configuration for RTL8168evl (bsc#1175296). - r8169: fix jumbo packet handling on resume from suspend (bsc#1175296). - r8169: fix resume on cable plug-in (bsc#1175296). - r8169: fix rtl_hw_jumbo_disable for RTL8168evl (bsc#1175296). - r8169: move disabling interrupt coalescing to RTL8169/RTL8168 init (bsc#1175296). - r8169: read common register for PCI commit (bsc#1175296). - random32: move the pseudo-random 32-bit definitions to prandom.h (git-fixes). - random32: remove net_rand_state from the latent entropy gcc plugin (git-fixes). - random: fix circular include dependency on arm64 after addition of percpu.h (git-fixes). - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (git-fixes). - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (git-fixes). - RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes). - RDMA/cm: Fix checking for allowed duplicate listens (git-fixes). - RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id() (git-fixes). - RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes). - RDMA/cm: Remove a race freeing timewait_info (git-fixes). - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes). - RDMA/core: Fix double destruction of uobject (git-fixes). - RDMA/core: Fix double put of resource (git-fixes). - RDMA/core: Fix missing error check on dev_set_name() (git-fixes). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes). - RDMA/core: Fix race between destroy and release FD object (git-fixes). - RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes). - RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes). - RDMA/counter: Query a counter before release (git-fixes). - RDMA/efa: Set maximum pkeys device attribute (git-fixes). - RDMA/hns: Bugfix for querying qkey (git-fixes). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes). - RDMA/iwcm: Fix iwcm work deallocation (git-fixes). - RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes). - RDMA/mad: Do not crash if the rdma device does not have a umad interface (git-fixes). - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (git-fixes). - RDMA/mlx4: Initialize ib_spec on the stack (git-fixes). - RDMA/mlx5: Add init2init as a modify command (git-fixes). - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (git-fixes). - RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails (jsc#SLE-8446). - RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails (jsc#SLE-8446). - RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes). - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes). - RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446). - RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446). - RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes). - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes). - RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (git-fixes). - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (git-fixes). - RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes). - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes). - RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes). - RDMA/rxe: Set default vendor ID (git-fixes). - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes). - RDMA/siw: Fix failure handling during device creation (git-fixes). - RDMA/siw: Fix passive connection establishment (git-fixes). - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes). - RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr() (git-fixes). - RDMA/siw: Fix reporting vendor_part_id (git-fixes). - RDMA/siw: Fix setting active_mtu attribute (git-fixes). - RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes). - RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes). - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regmap: fix alignment issue (git-fixes). - regmap: Fix memory leak from regmap_register_patch (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load (git-fixes). - remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load (git-fixes). - remoteproc: qcom: q6v5: Update running state before requesting stop (git-fixes). - Revert 'ALSA: hda: call runtime_allow() for all hda controllers' (git-fixes). - Revert 'drm/amd/display: Expose connector VRR range via debugfs' (bsc#1152489) * refreshed for context changes - Revert 'drm/amdgpu: Fix NULL dereference in dpm sysfs handlers' (git-fixes). - Revert 'i2c: cadence: Fix the hold bit setting' (git-fixes). - Revert 'RDMA/cma: Simplify rdma_resolve_addr() error flow' (git-fixes). - Revert 'thermal: mediatek: fix register index error' (git-fixes). - rhashtable: Document the right function parameters (bsc#1174880). - rhashtable: drop duplicated word in &lt;linux/rhashtable.h> (bsc#1174880). - rhashtable: Drop raw RCU deref in nested_table_free (bsc#1174880). - rhashtable: Fix unprotected RCU dereference in __rht_ptr (bsc#1174880). - rhashtable: Restore RCU marking on rhash_lock_head (bsc#1174880). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (git-fixes). - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/modules.fips: add ecdh_generic (boo#1173813) - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - rtw88: fix LDPC field for RA info (git-fixes). - rtw88: fix short GI capability based on current bandwidth (git-fixes). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes). - s390/pci: Fix s390_mmio_read/write with MIO (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: ipr: Fix softlockup when rescanning devices in petitboot (jsc#SLE-13654). - scsi: ipr: Fix softlockup when rescanning devices in petitboot (jsc#SLE-13654). - scsi: ipr: remove unneeded semicolon (jsc#SLE-13654). - scsi: ipr: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-13654). - scsi: ipr: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-13654). - scsi: libfc: free response frame from GPN_ID (bsc#1173849). - scsi: libfc: Handling of extra kref (bsc#1173849). - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849). - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1173849). - scsi: libfc: Skip additional kref updating work event (bsc#1173849). - scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes). - scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (git-fixes). - selftests/net: in rxtimestamp getopt_long needs terminating null entry (networking-stable-20_06_16). - selinux: fall back to ref-walk if audit is required (bsc#1174333). - selinux: revert 'stop passing MAY_NOT_BLOCK to the AVC upon follow_link' (bsc#1174333). - seq_buf: Export seq_buf_printf (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - seq_buf: Export seq_buf_printf (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - serial: 8250: fix null-ptr-deref in serial8250_start_tx() (git-fixes). - serial: 8250_mtk: Fix high-speed baud rates clamping (git-fixes). - serial: 8250_pci: Move Pericom IDs to pci_ids.h (git-fixes). - serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X (git-fixes). - serial: mxs-auart: add missed iounmap() in probe failure and remove (git-fixes). - serial: tegra: fix CREAD handling for PIO (git-fixes). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - soc/tegra: pmc: Enable PMIC wake event on Tegra210 (bsc#1175116). - soundwire: intel: fix memory leak with devm_kasprintf (git-fixes). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM (git-fixes). - spi: mediatek: use correct SPI_CFG2_REG MACRO (git-fixes). - spi: rockchip: Fix error in SPI slave pio read (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: spidev: fix a race between spidev_release and spidev_remove (git-fixes). - spi: spi-geni-qcom: Actually use our FIFO (git-fixes). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (git-fixes). - spi: sun4i: update max transfer size reported (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - staging: comedi: verify array index is correct before using it (git-fixes). - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging: rtl8712: handle firmware load failure (git-fixes). - staging: vchiq_arm: Add a matching unregister call (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - SUNRPC dont update timeout value on connection reset (bsc#1174263). - sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116). - tcp: md5: allow changing MD5 keys in all socket states (git-fixes). - thermal/drivers: imx: Fix missing of_node_put() at probe time (git-fixes). - thermal: int3403_thermal: Downgrade error message (git-fixes). - thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() (git-fixes). - tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362). - tpm: Require that all digests are present in TCG_PCR_EVENT2 structures (git-fixes). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - ubsan: check panic_on_warn (bsc#1174805). - udp: Copy has_conns in reuseport_grow() (git-fixes). - udp: Improve load balancing for SO_REUSEPORT (git-fixes). - uio_pdrv_genirq: Remove warning when irq is not specified (bsc#1174762). - USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes). - usb: chipidea: core: add wakeup support for extcon (git-fixes). - usb: core: fix quirks_param_set() writing to a const pointer (git-fixes). - usb: dwc2: Fix shutdown callback in platform (git-fixes). - usb: dwc2: gadget: Make use of GINTMSK2 (git-fixes). - usb: dwc3: pci: add support for the Intel Jasper Lake (git-fixes). - usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant (git-fixes). - usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work (git-fixes). - usb: gadget: Fix issue with config_ep_by_speed function (git-fixes). - usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength (git-fixes). - usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (git-fixes). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: check for return value in hso_serial_common_create() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - usbnet: smsc95xx: Fix use-after-free after removal (git-fixes). - USB: serial: ch341: add new Product ID for CH340 (git-fixes). - USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: iuu_phoenix: fix memory corruption (git-fixes). - USB: serial: option: add GosunCn GM500 series (git-fixes). - USB: serial: option: add Quectel EG95 LTE modem (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - usb: tegra: Fix allocation for the FPCI context (git-fixes). - usb: xhci: define IDs for various ASMedia host controllers (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - virt: vbox: Fix guest capabilities mask check (git-fixes). - virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream (git-fixes). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vt: Reject zero-sized screen buffer size (git-fixes). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (git-fixes). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (git-fixes). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (git-fixes). - watchdog: initialize device before misc_register (git-fixes). - watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202). - watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - wl1251: fix always return 0 error (git-fixes). - workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes). - xen/pvcalls-back: test for errors when calling backend_connect() (bsc#1065600). - xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645). - xfrm: policy: match with both mark and mask on user interfaces (bsc#1174645). - xfs: do not eat an EIO/ENOSPC writeback error when scrubbing data fork (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xfs: preserve rmapbt swapext block reservation from freed blocks (git-fixes). Important SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1120163 SUSE bug 1133021 SUSE bug 1149032 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1154488 SUSE bug 1155518 SUSE bug 1155798 SUSE bug 1165933 SUSE bug 1167773 SUSE bug 1168959 SUSE bug 1169771 SUSE bug 1171857 SUSE bug 1171988 SUSE bug 1172197 SUSE bug 1172201 SUSE bug 1172247 SUSE bug 1172963 SUSE bug 1173074 SUSE bug 1173468 SUSE bug 1173573 SUSE bug 1173813 SUSE bug 1173849 SUSE bug 1173941 SUSE bug 1173954 SUSE bug 1174002 SUSE bug 1174072 SUSE bug 1174116 SUSE bug 1174126 SUSE bug 1174127 SUSE bug 1174128 SUSE bug 1174129 SUSE bug 1174185 SUSE bug 1174205 SUSE bug 1174263 SUSE bug 1174264 SUSE bug 1174331 SUSE bug 1174332 SUSE bug 1174333 SUSE bug 1174356 SUSE bug 1174362 SUSE bug 1174396 SUSE bug 1174398 SUSE bug 1174407 SUSE bug 1174409 SUSE bug 1174411 SUSE bug 1174438 SUSE bug 1174462 SUSE bug 1174484 SUSE bug 1174513 SUSE bug 1174527 SUSE bug 1174543 SUSE bug 1174625 SUSE bug 1174627 SUSE bug 1174645 SUSE bug 1174689 SUSE bug 1174737 SUSE bug 1174757 SUSE bug 1174762 SUSE bug 1174770 SUSE bug 1174805 SUSE bug 1174824 SUSE bug 1174825 SUSE bug 1174852 SUSE bug 1174865 SUSE bug 1174880 SUSE bug 1174897 SUSE bug 1174906 SUSE bug 1174969 SUSE bug 1175009 SUSE bug 1175010 SUSE bug 1175011 SUSE bug 1175012 SUSE bug 1175013 SUSE bug 1175014 SUSE bug 1175015 SUSE bug 1175016 SUSE bug 1175017 SUSE bug 1175018 SUSE bug 1175019 SUSE bug 1175020 SUSE bug 1175021 SUSE bug 1175052 SUSE bug 1175112 SUSE bug 1175116 SUSE bug 1175149 SUSE bug 1175175 SUSE bug 1175176 SUSE bug 1175180 SUSE bug 1175181 SUSE bug 1175182 SUSE bug 1175183 SUSE bug 1175184 SUSE bug 1175185 SUSE bug 1175186 SUSE bug 1175187 SUSE bug 1175188 SUSE bug 1175189 SUSE bug 1175190 SUSE bug 1175191 SUSE bug 1175192 SUSE bug 1175195 SUSE bug 1175213 SUSE bug 1175263 SUSE bug 1175284 SUSE bug 1175296 SUSE bug 1175344 SUSE bug 1175345 SUSE bug 1175346 SUSE bug 1175347 SUSE bug 1175367 SUSE bug 1175377 CVE-2020-0305 CVE-2020-10135 CVE-2020-10781 CVE-2020-14331 CVE-2020-14356 CVE-2020-15780 CVE-2020-16166 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for postgresql12 fixes the following issues: - update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1175193 SUSE bug 1175194 CVE-2020-14349 CVE-2020-14350 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc#1174091). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1174091 CVE-2019-20907 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libreoffice fixes the following issues: - Update to 6.4.5.2: * Various fixes all around - Remove mime-info and application-registry dirs bsc#1062631 - Fix bsc#1172053 - LO-L3: Image disappears during roundtrip 365->Impress->365 * bsc1172053.diff - Fix bsc#1172189 - LO-L3: Impress crashes midway opening a PPTX document * bsc1172189.diff - Fix bsc#1157627 - LO-L3: Some XML-created shapes simply lost upon PPTX import (= earth loses countries) * bsc1157627.diff - Fix bsc#1146025 - LO-L3: Colored textboxes in PPTX look very odd (SmartArt) - Fix bsc#1165849 - LO-L3: Shadow size for rectangle is only a fraction of Office 365 * bsc1165849-1.diff * bsc1165849-2.diff * bsc1165849-3.diff This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1062631 SUSE bug 1146025 SUSE bug 1157627 SUSE bug 1165849 SUSE bug 1172053 SUSE bug 1172189 SUSE bug 1172795 SUSE bug 1172796 CVE-2020-12802 CVE-2020-12803 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for dovecot23 fixes the following issues: - CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922). - CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1174922 SUSE bug 1174923 CVE-2020-12673 CVE-2020-12674 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: - Update to 84.0.4147.135 (boo#1175505): * CVE-2020-6556: Heap buffer overflow in SwiftShader Moderate SUSE bug 1175505 CVE-2020-6556 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1174091 CVE-2019-20907 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for inn fixes the following issues: - change file owners in /usr/lib/news to root [boo#1172573] [CVE-2020-8026] Moderate SUSE bug 1172573 CVE-2020-8026 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1174662 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gettext-runtime fixes the following issues: - Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629) - Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719) - Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1106843 SUSE bug 1113719 SUSE bug 941629 CVE-2018-18751 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for grub2 fixes the following issue: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1172745 SUSE bug 1174421 CVE-2020-15705 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi (bsc#1175074). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). - Solve a crash in mod_proxy_uwsgi for empty values of environment variables. (bsc#1174052) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1174052 SUSE bug 1175070 SUSE bug 1175071 SUSE bug 1175074 CVE-2020-11984 CVE-2020-11993 CVE-2020-9490 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for librepo fixes the following issues: - Fixed path validation to prevent directory traversal attacks (bsc#1175475, CVE-2020-14352) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1175475 CVE-2020-14352 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1174633 SUSE bug 1174635 SUSE bug 1174638 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for graphviz fixes the following issues: - CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1093447 CVE-2018-10196 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium was updated to version 85.0.4183.83 (boo#1175757) fixing: - CVE-2020-6558: Insufficient policy enforcement in iOS - CVE-2020-6559: Use after free in presentation API - CVE-2020-6560: Insufficient policy enforcement in autofill - CVE-2020-6561: Inappropriate implementation in Content Security Policy - CVE-2020-6562: Insufficient policy enforcement in Blink - CVE-2020-6563: Insufficient policy enforcement in intent handling. - CVE-2020-6564: Incorrect security UI in permissions - CVE-2020-6565: Incorrect security UI in Omnibox. - CVE-2020-6566: Insufficient policy enforcement in media. - CVE-2020-6567: Insufficient validation of untrusted input in command line handling. - CVE-2020-6568: Insufficient policy enforcement in intent handling. - CVE-2020-6569: Integer overflow in WebUSB. - CVE-2020-6570: Side-channel information leakage in WebRTC. - CVE-2020-6571: Incorrect security UI in Omnibox. Important SUSE bug 1175757 CVE-2020-6558 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ark fixes the following issues: - CVE-2020-24654: maliciously crafted TAR archive can install files outside the extraction directory (boo#1175857) Moderate SUSE bug 1175857 CVE-2020-24654 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ldb, samba fixes the following issues: Changes in samba: - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + Malicous SMB1 server can crash libsmbclient; (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237). + Missing check for DMAPI offline status in async DOS attributes; (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316) + smbd mistakenly updates a file's write-time on close; (bso#14320). + RPC handles cannot be differentiated in source3 RPC server; (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327). + Fix fruit:time machine max size on arm; (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294). + ctdb: Fix a memleak; (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095) + s3:libads: Fix ads_get_upn(); (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294) + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324) - Update to samba 4.11.8 + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850); + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - Update to samba 4.11.7 + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283) + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270) + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247). + smbd: Handle EINTR from open(2) properly; (bso#14285) + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247) + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + lib:util: Log mkdir error on correct debug levels; (bso#14253). + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209). + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320). + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218). + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). + smbd: Fix the build with clang; (bso#14251). + upgradedns: Ensure lmdb lock files linked; (bso#14199). + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101). + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227). - Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307); - Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437); - Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521); Changes in ldb: - Update to version 2.0.12 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159). + ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + lib/ldb: add unit test for ldb_ldap internal code. - Update to version 2.0.11 + lib ldb: lmdb init var before calling mdb_reader_check. + lib ldb: lmdb clear stale readers on write txn start; (bso#14330). + ldb tests: Confirm lmdb free list handling This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1141320 SUSE bug 1162680 SUSE bug 1169095 SUSE bug 1169521 SUSE bug 1169850 SUSE bug 1169851 SUSE bug 1171437 SUSE bug 1172307 SUSE bug 1173159 SUSE bug 1173160 SUSE bug 1173161 SUSE bug 1173359 SUSE bug 1174120 CVE-2020-10700 CVE-2020-10704 CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libqt5-qtbase fixes the following issues: - Fixed a possible crash in certificate parsing. - Fixed a DoS in QSslSocket (bsc#1172726, CVE-2020-13962). - Added support for PostgreSQL 12 (bsc#1173758). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1172726 SUSE bug 1173758 CVE-2020-13962 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: Update to version 70.0.3728.133 - CHR-8053 Update chromium on desktop-stable-84-3728 to 84.0.4147.125 - DNA-87289 Crash at views::NativeWidgetMacNSWindowHost:: OnNativeViewHostDetach(views::View const*) - DNA-87831 [Linux] Sidebar panel cannot be pinned - DNA-88057 [Win] Black rectangle flickers at the bottom of the page on startup - DNA-88157 Sidebar Messenger too low in FullScreen mode - DNA-88238 [macOS 10.15] Toolbar buttons not visible on inactive tab - The update to chromium 84.0.4147.125 fixes following issues: - CVE-2020-6542, CVE-2020-6543, CVE-2020-6544, CVE-2020-6545, CVE-2020-6546, CVE-2020-6547, CVE-2020-6548, CVE-2020-6549, CVE-2020-6550, CVE-2020-6551, CVE-2020-6552, CVE-2020-6553, CVE-2020-6554, CVE-2020-6555 - Update to version 70.0.3728.119 - DNA-88215 Introduce easy-setup-hint-ref feature flag - Update to version 70.0.3728.106 - DNA-88014 [Mac] Toolbar in fullscreen disabled after using fullscreen from videoplayer - Update to version 70.0.3728.95 - CHR-8026 Update chromium on desktop-stable-84-3728 to 84.0.4147.105 - DNA-86340 Wrong link to the help page - DNA-87394 [Big Sur] Some popovers have incorrectly themed arrow - DNA-87647 [Win] The [+] button flickers after creating a new tab - DNA-87794 Crash at aura::Window::SetVisible(bool) - DNA-87796 Search in tabs should closed on second click - DNA-87863 Parameter placing issue in all languages - The update to chromium 84.0.4147.105 fixes following issues: - CVE-2020-6537, CVE-2020-6538, CVE-2020-6532, CVE-2020-6539, CVE-2020-6540, CVE-2020-6541 Important CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for postgresql10 fixes the following issues: - update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1175193 SUSE bug 1175194 CVE-2020-14349 CVE-2020-14350 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for php7 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1175223 CVE-2020-7068 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1175109 CVE-2020-8231 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1173455 SUSE bug 1175664 SUSE bug 1175665 SUSE bug 1175671 CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175239 CVE-2020-14363 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1174910 SUSE bug 1174913 CVE-2020-14361 CVE-2020-14362 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed potential negative array index in do_split() in ext4 (bsc#1173798). - CVE-2020-14386: Fixed an overflow in af_packet, which could lead to local privilege escalation (bsc#1176069). The following non-security bugs were fixed: - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda: avoid reset of sdo_limit (git-fixes). - ALSA: isa: fix spelling mistakes in the comments (git-fixes). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: msm8916-wcd-analog: fix register Interrupt offset (git-fixes). - ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM (git-fixes). - ASoC: q6routing: add dummy register read/write function (git-fixes). - ASoC: wm8994: Avoid attempts to read unreadable registers (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - HID: input: Fix devices that return multiple bytes in battery report (git-fixes). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - KVM: Reinstall old memslots if arch preparation fails (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: x86: Fix APIC page invalidation race (bsc#1133021). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, git-fixes). - RDMA/mlx5: Add missing srcu_read_lock in ODP implicit flow (jsc#SLE-8446). - RDMA/mlx5: Fix typo in enum name (git-fixes). - Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (bsc#1171688 bsc#1174003). - Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (bsc#1171688 bsc#1174003). - bdc: Fix bug causing crash after multiple disconnects (git-fixes). - bfq: fix blkio cgroup leakage v4 (bsc#1175775). - block: Fix the type of 'sts' in bsg_queue_rq() (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (networking-stable-20_07_17). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - brcmfmac: To fix Bss Info flag definition Bug (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (git-fixes). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (git-fixes). - btrfs: add helper to get the end offset of a file extent item (bsc#1175546). - btrfs: factor out inode items copy loop from btrfs_log_inode() (bsc#1175546). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1175546). - btrfs: make full fsyncs always operate on the entire file again (bsc#1175546). - btrfs: make ranged full fsyncs more efficient (bsc#1175546). - btrfs: remove useless check for copy_items() return value (bsc#1175546). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - config/x86_64: Make CONFIG_PINCTRL_AMD=y (bsc#1174800) The pinctrl driver has to be initialized before hid-i2c and others. For assuring it, change it built-in, since we can't put the module ordering. This change follows the SLE15-SP2 kernel behavior. - cpumap: Use non-locked version __ptr_ring_consume_batched (git-fixes). - crypto: aesni - Fix build with LLVM_IAS=1 (git-fixes). - crypto: aesni - add compatibility with IAS (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - drm/amd/display: Fix EDID parsing after resume from suspend (git-fixes). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amd/powerplay: fix compile error with ARCH=arc (git-fixes). - drm/amdgpu/display bail early in dm_pp_get_static_clocks (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (git-fixes). - drm/debugfs: fix plain echo to connector 'force' attribute (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (git-fixes). - drm/msm: ratelimit crtc event overflow error (git-fixes). - drm/nouveau/kms/nv50-: Fix disabling dithering (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (git-fixes). - drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (git-fixes). - drm/radeon: disable AGP by default (git-fixes). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (git-fixes). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (git-fixes bsc#1175232). - drm: msm: a6xx: fix gpu failure after system resume (git-fixes). - dyndbg: fix a BUG_ON in ddebug_describe_flags (git-fixes). - enetc: Fix tx rings bitmap iteration range, irq handling (networking-stable-20_06_28). - ext2: fix missing percpu_counter_inc (bsc#1175774). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not BUG on inconsistent journal feature (bsc#1171634). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - genetlink: remove genl_bind (networking-stable-20_07_17). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (git-fixes). - i2c: i801: Add support for Intel Comet Lake PCH-V (jsc#SLE-13411). - i2c: i801: Add support for Intel Emmitsburg PCH (jsc#SLE-13411). - i2c: i801: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ice: Clear and free XLT entries on reset (jsc#SLE-7926). - ice: Graceful error handling in HW table calloc failure (jsc#SLE-7926). - igc: Fix PTP initialization (bsc#1160634). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv6: Fix use of anycast address with loopback (networking-stable-20_07_17). - ipv6: fib6_select_path can not use out path for nexthop objects (networking-stable-20_07_17). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - iwlegacy: Check the return value of pcie_capability_read_*() (git-fixes). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI: genetlink: remove genl_bind (kabi). - kabi/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols. - kabi/severities: ignore qla2xxx as all symbols are internal - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: camss: fix memory leaks on error handling paths in probe (git-fixes). - media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic (git-fixes). - media: rockchip: rga: Only set output CSC mode for RGB input (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs (jsc#SLE-13411). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mlxsw: pci: Fix use-after-free in case of failed devlink reload (networking-stable-20_07_17). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (networking-stable-20_07_17). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mm: filemap: clear idle flag for writes (bsc#1175769). - mmc: sdhci-cadence: do not use hardware tuning for SD mode (git-fixes). - mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1 (git-fixes). - mvpp2: ethtool rxtx stats fix (networking-stable-20_06_28). - net/mlx5: DR, Change push vlan action sequence (jsc#SLE-8464). - net/mlx5: Fix eeprom support for SFP module (networking-stable-20_07_17). - net/mlx5e: Fix 50G per lane indication (networking-stable-20_07_17). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (networking-stable-20_07_17). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: dsa: microchip: set the correct number of ports (networking-stable-20_07_17). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1154492). - net: ena: Make missed_tx stat incremental (git-fixes). - net: ena: Prevent reset after device destruction (git-fixes). - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: mvneta: fix use of state->speed (networking-stable-20_07_17). - net: qrtr: Fix an out of bounds read qrtr_endpoint_post() (networking-stable-20_07_17). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - net_sched: fix a memory leak in atm_tc_init() (networking-stable-20_07_17). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108). - nvme-multipath: set bdi capabilities once (bsc#1159058). - nvme-pci: Re-order nvme_pci_free_ctrl (bsc#1159058). - nvme-rdma: Add warning on state change failure at (bsc#1159058). - nvme-tcp: Add warning on state change failure at (bsc#1159058). - nvme-tcp: fix possible crash in write_zeroes processing (bsc#1159058). - nvme: Fix controller creation races with teardown flow (bsc#1159058). - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1159058). - nvme: Make nvme_uninit_ctrl symmetric to nvme_init_ctrl (bsc#1159058). - nvme: Remove unused return code from nvme_delete_ctrl_sync (bsc#1159058). - nvme: add a Identify Namespace Identification Descriptor list quirk (git-fixes). - nvme: always search for namespace head (bsc#1159058). - nvme: avoid an Identify Controller command for each namespace (bsc#1159058). - nvme: check namespace head shared property (bsc#1159058). - nvme: clean up nvme_scan_work (bsc#1159058). - nvme: cleanup namespace identifier reporting in (bsc#1159058). - nvme: consolidate chunk_sectors settings (bsc#1159058). - nvme: consolodate io settings (bsc#1159058). - nvme: expose hostid via sysfs for fabrics controllers (bsc#1159058). - nvme: expose hostnqn via sysfs for fabrics controllers (bsc#1159058). - nvme: factor out a nvme_ns_remove_by_nsid helper (bsc#1159058). - nvme: fix a crash in nvme_mpath_add_disk (git-fixes, bsc#1159058). - nvme: fix identify error status silent ignore (git-fixes, bsc#1159058). - nvme: fix possible hang when ns scanning fails during error (bsc#1159058). - nvme: kABI fixes for nvme_ctrl (bsc#1159058). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - nvme: prevent double free in nvme_alloc_ns() error handling (bsc#1159058). - nvme: provide num dword helper (bsc#1159058). - nvme: refactor nvme_identify_ns_descs error handling (bsc#1159058). - nvme: refine the Qemu Identify CNS quirk (bsc#1159058). - nvme: release ida resources (bsc#1159058). - nvme: release namespace head reference on error (bsc#1159058). - nvme: remove the magic 1024 constant in nvme_scan_ns_list (bsc#1159058). - nvme: remove unused parameter (bsc#1159058). - nvme: rename __nvme_find_ns_head to nvme_find_ns_head (bsc#1159058). - nvme: revalidate after verifying identifiers (bsc#1159058). - nvme: revalidate namespace stream parameters (bsc#1159058). - nvme: unlink head after removing last namespace (bsc#1159058). - openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (networking-stable-20_06_28). - platform/x86: ISST: Add new PCI device ids (git-fixes). - platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15 (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/fadump: Fix build error with CONFIG_PRESERVE_FA_DUMP=y (bsc#1156395). - powerpc/iommu: Allow bypass-only for DMA (bsc#1156395). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rtc: goldfish: Enable interrupt in set_alarm() when necessary (git-fixes). - sch_cake: do not call diffserv parsing code when it is not needed (networking-stable-20_06_28). - sch_cake: do not try to reallocate or unshare skb unconditionally (networking-stable-20_06_28). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi/fc: kABI fixes for new ELS_RPD definition (bsc#1171688 bsc#1174003). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: smartpqi: Identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - soc/tegra: pmc: Enable PMIC wake event on Tegra194 (bsc#1175834). - soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag (git-fixes). - spi: pxa2xx: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - spi: spidev: Align buffers for DMA (git-fixes). - spi: stm32: fixes suspend/resume management (git-fixes). - tcp: do not ignore ECN CWR on pure ACK (networking-stable-20_06_28). - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (networking-stable-20_07_17). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - usb: bdc: Halt controller on suspend (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: mtu3: clear dual mode of u3port when disable device (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - video: fbdev: savage: fix memory leak on error handling path in probe (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - x86/bugs/multihit: Fix mitigation reporting when VMX is not in use (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1085030 SUSE bug 1133021 SUSE bug 1154492 SUSE bug 1156395 SUSE bug 1159058 SUSE bug 1160634 SUSE bug 1169790 SUSE bug 1171634 SUSE bug 1171688 SUSE bug 1172108 SUSE bug 1172418 SUSE bug 1172871 SUSE bug 1173485 SUSE bug 1173798 SUSE bug 1174003 SUSE bug 1174026 SUSE bug 1174387 SUSE bug 1174699 SUSE bug 1174771 SUSE bug 1174777 SUSE bug 1174800 SUSE bug 1175128 SUSE bug 1175199 SUSE bug 1175232 SUSE bug 1175440 SUSE bug 1175493 SUSE bug 1175546 SUSE bug 1175550 SUSE bug 1175654 SUSE bug 1175691 SUSE bug 1175768 SUSE bug 1175769 SUSE bug 1175770 SUSE bug 1175771 SUSE bug 1175772 SUSE bug 1175774 SUSE bug 1175775 SUSE bug 1175834 SUSE bug 1175873 SUSE bug 1176069 CVE-2020-14314 CVE-2020-14386 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libmediainfo, mediainfo fixes the following issues: libmediainfo was updated to version 20.08: Added: * MPEG-H 3D Audio full featured support (group presets, switch groups, groups, signal groups) * MP4/MOV: support of more metadata locations * JSON and XML outputs: authorize 'complete' output * MPEG-4: support of TrueHD * WM: show legacy value of performer if not same as modern one * WAV: trace of adtl (Associated Data List) chunk Fixed: * URL encoding detection fix for URL having a query part (issue with e.g. pre-signed AWS S3 URLs) * Don't try to seek to the end (false positive range related error with HTTP) * DPX: don't load the whole file in RAM * Opus: fix wrong channel mapping * Miscellaneous other bug fixes version 20.03 Added features: * AC-4 full featured support (presentations, groups, substreams) * MPEG-H 3D Audio basic support * MPEG-TS: audio preselection descriptor support * Dolby Vision v2 detection * MPEG-4: support of colr/nclx (color information) box Bugs fixed: * URL encoding option fixes, permitting to use URL encoded or non URL encoded links * AAC: fix SBR frequency when in ADIF * DPX: ColorimetricSpecification and TransferCharacteristic were inverted * Some API calls were not thread safe * Several crash and memory leaks fixes version 19.09 Added: * AC-4: basic detection, raw, in MP4 or TS * AC-3/E-AC-3: display time code of the first frame * Don't show anymore by default 'encoded' bit rates and stream sizes * MOV: Decode more language codes Corrections: * MXF: some metadata were missing * AC-3: AC-3 actually has no bit depth, removing the default 16 value * AC-3/E-AC-3: fix bitrate info (so duration) with streams having a time code * AC-3: parse more frames also when in MP4, in order to better detect JOC (Atmos) * MP4: do not show audio bit depth if it is the 'default' 16 (value is not trustable enough) * ProRes RAW: we know only width and height * SubRip: bad handling of files having a quote character version 19.07 Added: * Dolby E: readout of Dolby E program description * MXF: Detection of Dolby Vision * MP4: support of Spatial Audio Metadata * DV: color space is explicit * DV: audio format settings * Matroska: PCM bit rate * MOV, MXF: Time code frame rate * DV: DVCAM commercial name for locked audio and PAL 4:2:0 * MXF: Time code track name Corrections: * USAC: frame rate was missing in case of non standard sampling rate * USAC: fix infinite loop with some LATM streams * WAV: MP3 delay should be added to BWF time reference * TTML: fix wrong output with standalone files * N19/STL: fix crash with some uncommon framerates * VC-3: fix sub sampling with some v2 files * DV: Time code frame number was wrong (divided by 2) for 50/60 fps content version 19.04 Added: * USAC: DRC effect types, Sample peak level, True peak level, Program loudness * HDR: SMPTE ST 2094 App 4 (including HDR10+) support * HDR: move HDR10, Dolby Vision and SL-HDR meta to specific generic 'HDR Format' lines * Matroska: SMPTE ST 2086 (HDR10) support * Matroska: FieldOrder support * HEIF image format support * AV1: support of AV1 in MP4, HEIF, IVF * MOV: Add a lot more countries to AppleStoreCountry field internal list * MXF: Fix memory leak when fully parsing big file with acquisition metadata * HEVC: more HEVC profiles (Multiview, Scalable, Screen Content...) * AAC: better handling of corrupted streams * AAC: better handling of unknown channel layouts * AVC in MP4: better support of corrupted streams Corrected: * B1101, AVI: fix crash with some invalid streams * B1101, SMPTE ST 337: fix crash with some invalid streams * Matroska: chapters timestamp were not display if chapters have no name * MXF: Fix false positive truncated file detection when there is no Random Index Pack * AAC: channel layout typos (Rls instead of Lrs, Lr instead of Rb) * ProRes: correctly show color space if alpha plane is present * MPEG Audio: some VBR files use 'Info' Xing header, so we ignore the difference between 'Info' and 'Xing' * I943, MPEG-4: wrong display aspect ratio in some corner cases (32-bit release only) * I1096, OGG: assign METADATA_BLOCK_PICTURE tag to cover * I339, text in square brackets stripped in $if() section version 18.12 Added features: * DCP: support of multi-reel packages * EBUCore: added some FFV1 related metadata * JPEG: better info display of CYMK files * Provide source of the color related metadata (container or stream) (hidden by default) * MXF: display more information when wrapper/essence values are detected as not same * MXF: ProRes profiles * MPEG-4: ProRes RAW support * MPEG-TS: add support of parsing some ETSI TS 103-433 messages Bug fixes: * MPEG-2 Video: variable GOP detection fix * MPEG-7 export: some fields were missing due to the removal of some legacy fields * ADTS: Fix display of channel count for 8-channel streams * ID3v2: fix some date related issues * I298, ID3v2: fix wrong read of recording date in some cases * I1032, PBCore2: fix essenceFrameSize with non Video tracks * I1096, JPEG: fix crash with one file * Several other crash and memory leak fixes version 18.08.1 * Fix XML/MPEG-7/PBCore2 output discarding non ANSI characters version 18.08 Added features: * Dolby Atmos (in E-AC-3 or TrueHD): support of bed channel count/configuration + objects count + complexity index * AC-3/DTS/AAC: display of info about legacy decoders behavior removed * AC-3/DTS/AAC: some changes in how format is displayed * AC-3/DTS/AAC: better split between technical names and commercial names * AAC: support of profile information from MP4_IOD_Tag AudioProfileLevelIndication * USAC (xHE-AAC) support * Audio channel layout: using a new terminology, better suited for 3D Audio, see https://mediaarea.net/AudioChannelLayout * DSD (DSF & DSDIFF) support * DXD (Digital eXtreme Definition) commercial name * Dolby Vision: use new form for profile (numbers instead of acronyms) * New format 'Directory' when image sequence + audio file is detected (1 directory style for the moment) * PBCore2 export update, thanks to WGBH * MPEG-7 export update * NISO export update * AV1: support of AOmedia AV1 based on 1.0.0 specifications * ATRAC9 detection * Versionned RPMs * HEVC: better support of buggy SEI * ADTS: CodecID * Support of injection of external metadata * HTTPS: support of AWS extension 'x-amz-*' in HTTPS headers, permitting to manage temporary credentials (AssumeRole) * MPEG-4, #1005: Obey edit list in QuickTime Timecode track Bug corrections: * MIXML: hide fields which were hidden in normal output * Hybrid AC-3/E-AC-3 (in Blu-rays): bit rate info was wrong * Lot of bug fixes, see full log for more info version 18.05 Added: * PBCore 2.1 export update, sponsored by WGBH as part of the NEH-funded PBCore Development and Preservation Project * TIFF: more IFDs are supported (density, software...) * NISO Z39.87 output Fixed: * Mastering Display Color Primaries: was always showing BT.709 instead of real value, when present * Attachments: do not provide anymore attachments content in XML by default, fixes mediainfo was updated to version 20.08: Added: * MPEG-H 3D Audio full featured support (group presets, switch groups, groups, signal groups) * MP4/MOV: support of more metadata locations * JSON and XML outputs: authorize 'complete' output * MPEG-4: support of TrueHD * WM: show legacy value of performer if not same as modern one * WAV: trace of adtl (Associated Data List) chunk Fixed: * URL encoding detection fix for URL having a query part (issue with e.g. pre-signed AWS S3 URLs) * Don't try to seek to the end (false positive range related error with HTTP) * DPX: don't load the whole file in RAM * Opus: fix wrong channel mapping * Miscellaneous other bug fixes version 20.03 Added features: * AC-4 full featured support (presentations, groups, substreams) * MPEG-H 3D Audio basic support * MPEG-TS: audio preselection descriptor support * Dolby Vision v2 detection * MPEG-4: support of colr/nclx (color information) box Bugs fixed: * URL encoding option fixes, permitting to use URL encoded or non URL encoded links * AAC: fix SBR frequency when in ADIF * DPX: ColorimetricSpecification and TransferCharacteristic were inverted * Several crash and memory leaks fixes version 19.09 Added: * AC-4: basic detection, raw, in MP4 or TS * AC-3/E-AC-3: display time code of the first frame * Don't show anymore by default 'encoded' bit rates and stream sizes * MOV: Decode more language codes Corrections: * MXF: some metadata were missing * AC-3: AC-3 actually has no bit depth, removing the default 16 value * AC-3/E-AC-3: fix bitrate info (so duration) with streams having a time code * AC-3: parse more frames also when in MP4, in order to better detect JOC (Atmos) * MP4: do not show audio bit depth if it is the 'default' 16 (value is not trustable enough) * ProRes RAW: we know only width and height * SubRip: bad handling of files having a quote character version 19.07 Added: * Dolby E: readout of Dolby E program description * MXF: Detection of Dolby Vision * MP4: support of Spatial Audio Metadata * DV: color space is explicit * DV: audio format settings * Matroska: PCM bit rate * MOV, MXF: Time code frame rate * DV: DVCAM commercial name for locked audio and PAL 4:2:0 * MXF: Time code track name Corrected: * USAC: frame rate was missing in case of non standard sampling rate * USAC: fix infinite loop with some LATM streams * WAV: MP3 delay should be added to BWF time reference * TTML: fix wrong output with standalone files * N19/STL: fix crash with some uncommon framerates * VC-3: fix sub sampling with some v2 files * DV: Time code frame number was wrong (divided by 2) for 50/60 fps content version 19.04 Added: * USAC: DRC effect types, Sample peak level, True peak level, Program loudness * HDR: SMPTE ST 2094 App 4 (including HDR10+) support * HDR: move HDR10, Dolby Vision and SL-HDR meta to specific generic 'HDR Format' lines * Matroska: SMPTE ST 2086 (HDR10) support * Matroska: FieldOrder support * HEIF image format support * AV1: support of AV1 in MP4, HEIF, IVF * MOV: Add a lot more countries to AppleStoreCountry field internal list * MXF: Fix memory leak when fully parsing big file with acquisition metadata * HEVC: more HEVC profiles (Multiview, Scalable, Screen Content...) * AAC: better handling of corrupted streams * AAC: better handling of unknown channel layouts * AVC in MP4: better support of corrupted streams Changed: * B1101, AVI: fix crash with some invalid streams * B1101, SMPTE ST 337: fix crash with some invalid streams * Matroska: chapters timestamp were not display if chapters have no name * MXF: Fix false positive truncated file detection when there is no Random Index Pack * AAC: channel layout typos (Rls instead of Lrs, Lr instead of Rb) * ProRes: correctly show color space if alpha plane is present * MPEG Audio: some VBR files use 'Info' Xing header, so we ignore the difference between 'Info' and 'Xing' * I943, MPEG-4: wrong display aspect ratio in some corner cases (32-bit release only) * I1096, OGG: assign METADATA_BLOCK_PICTURE tag to cover version 18.12 Added features: * DCP: support of multi-reel packages * EBUCore: added some FFV1 related metadata * JPEG: better info display of CYMK files * Provide source of the color related metadata (container or stream) (hidden by default) * MXF: display more information when wrapper/essence values are detected as not same * MXF: ProRes profiles * MPEG-4: ProRes RAW support * MPEG-TS: add support of parsing some ETSI TS 103-433 messages Bug fixes: * MPEG-2 Video: variable GOP detection fix * MPEG-7 export: some fields were missing due to the removal of some legacy fields * ADTS: Fix display of channel count for 8-channel streams * ID3v2: fix some date related issues * I298, ID3v2: fix wrong read of recording date in some cases * I1032, PBCore2: fix essenceFrameSize with non Video tracks * I1096, JPEG: fix crash with one file * Several other crash and memory leak fixes version 18.08.1 * Fix XML/MPEG-7/PBCore2 output discarding non ANSI characters version 18.08 Added features: * Dolby Atmos (in E-AC-3 or TrueHD): support of bed channel count/configuration + objects count + complexity index * AC-3/DTS/AAC: display of info about legacy decoders behavior removed * AC-3/DTS/AAC: some changes in how format is displayed * AC-3/DTS/AAC: better split between technical names and commercial names * AAC: support of profile information from MP4_IOD_Tag AudioProfileLevelIndication * USAC (xHE-AAC) support * Audio channel layout: using a new terminology, better suited for 3D Audio, see https://mediaarea.net/AudioChannelLayout * DSD (DSF & DSDIFF) support * DXD (Digital eXtreme Definition) commercial name * Dolby Vision: use new form for profile (numbers instead of acronyms) * New format 'Directory' when image sequence + audio file is detected (1 directory style for the moment) * PBCore2 export update, thanks to WGBH * MPEG-7 export update * NISO export update * AV1: support of AOmedia AV1 based on 1.0.0 specifications * ATRAC9 detection * Versionned RPMs * HEVC: better support of buggy SEI * ADTS: CodecID * Support of injection of external metadata * HTTPS: support of AWS extension 'x-amz-*' in HTTPS headers, permitting to manage temporary credentials (AssumeRole) * MPEG-4, #1005: Obey edit list in QuickTime Timecode track Bug corrections: * MIXML: hide fields which were hidden in normal output * Hybrid AC-3/E-AC-3 (in Blu-rays): bit rate info was wrong * Lot of bug fixes, see full log for more info version 18.05 Added: * PBCore 2.1 export update, sponsored by WGBH as part of the NEH-funded PBCore Development and Preservation Project * TIFF: more IFDs are supported (density, software...) * NISO Z39.87 output Fixed: * Mastering Display Color Primaries: was always showing BT.709 instead of real value, when present * Attachments: do not provide anymore attachments content in XML by default, fixes Moderate SUSE bug 1173630 CVE-2020-15395 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fix broken translation-loading (bsc#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1173991 SUSE bug 1174284 SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to 68.12 (bsc#1175686) - CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege - CVE-2020-15664: Attacker-induced prompt for extension installation - CVE-2020-15669: Use-After-Free when aborting an operation This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15669 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-Flask-Cors fixes the following issues: - CVE-2020-25032: fix a relative directory traversal vulnerability (bsc#1175986). Moderate SUSE bug 1175986 CVE-2020-25032 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.14 fixes the following issues: - go1.14 was updated to version 1.14.7 - CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977). - go1.14.6 (released 2020-07-16) includes fixes to the go command, the compiler, the linker, vet, and the database/sql, encoding/json, net/http, reflect, and testing packages. Refs bsc#1164903 go1.14 release tracking Refs bsc#1174153 bsc#1174191 * go#39991 runtime: missing deferreturn on linux/ppc64le * go#39920 net/http: panic on misformed If-None-Match Header with http.ServeContent * go#39849 cmd/compile: internal compile error when using sync.Pool: mismatched zero/store sizes * go#39824 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386 in Go 1.14 and 1.13, not 1.15 * go#39698 reflect: panic from malloc after MakeFunc function returns value that is also stored globally * go#39636 reflect: DeepEqual can return true for values that are not equal * go#39585 encoding/json: incorrect object key unmarshaling when using custom TextUnmarshaler as Key with string va lues * go#39562 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on linux-386-longtest builder because it trie s to use an older version of dlv which only supports linux/amd64 * go#39308 testing: streaming output loses parallel subtest associations * go#39288 cmd/vet: update for new number formats * go#39101 database/sql: context cancellation allows statements to execute after rollback * go#38030 doc: BuildNameToCertificate deprecated in go 1.14 not mentioned in the release notes * go#40212 net/http: Expect 100-continue panics in httputil.ReverseProxy bsc#1174153 CVE-2020-15586 * go#40210 crypto/x509: Certificate.Verify method seemingly ignoring EKU requirements on Windows bsc#1174191 CVE-2020-14039 (Windows only) - Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is not present bsc#1172868 gh#golang/go#35305 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1164903 SUSE bug 1169832 SUSE bug 1170826 SUSE bug 1172868 SUSE bug 1174153 SUSE bug 1174191 SUSE bug 1174977 CVE-2020-14039 CVE-2020-15586 CVE-2020-16845 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for lilypond fixes the following issues: - CVE-2020-17353: When -dsafe is used, LilyPond lacks restrictions on embedded-ps and embedded-svg (boo#1174949). Moderate SUSE bug 1174949 CVE-2020-17353 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libetpan fixes the following issues: Update to 1.9.4 (boo#1174579, CVE-2020-15953): * Bugfixes on QUOTA * Varios warning fixes & build fixes Update to version 1.9.3 * Added IMAP CLIENTID / SMTP CLIENTID support * Use Cyrus SASL 2.1.27 Update to version 1.9.2 * Support of TLS SNI * LMDB for cache DB * Fixed build with recent versions of curl Moderate SUSE bug 1174579 CVE-2020-15953 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libvirt fixes the following issues: - CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. bsc#1161883, bsc#1174458 This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1161883 SUSE bug 1174458 CVE-2020-14339 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libjpeg-turbo fixes the following issues: - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1172491 CVE-2020-13790 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1174154 CVE-2020-15719 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1176179 CVE-2020-24977 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for slurm_18_08 fixes the following issues: - Fix Authentication Bypass when Message Aggregation is enabled CVE-2020-12693 This fixes and issue where authentication could be bypassed via an alternate path or channel when message Aggregation was enabled. A race condition allowed a user to launch a process as an arbitrary user. (CVE-2020-12693, bsc#1172004). Add: Fix-Authentication-Bypass-when-Message-Aggregation-is-enabled-CVE-2020-12693.patch - Remove unneeded build dependency to postgresql-devel. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1172004 CVE-2020-12693 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 Otrs was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo#1168029 OSA-2020-10: * Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. - CVE-2020-1772 boo#1168029 OSA-2020-09: * Information Disclosure It’s possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. - CVE-2020-1771 boo#1168030 OSA-2020-08: * Possible XSS in Customer user address book Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. - CVE-2020-1770 boo#1168031 OSA-2020-07: * Information disclosure in support bundle files Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. - CVE-2020-1769 boo#1168032 OSA-2020-06: * Autocomplete in the form login screens In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. Update to 5.0.41 https://community.otrs.com/otrs-community-edition-5s-patch-level-41/ * bug#14912 - Installer refers to non-existing documentation - added code to upgrade OTRS from 4 to 5 READ UPGRADING.SUSE * steps 1 to 4 are done by rpm pkg * steps 5 to *END* need to be done manually cause of DB backup Update to 5.0.40 https://community.otrs.com/otrs-community-edition-5s-patch-level-40/ - CVE-2020-1766 boo#1160663 OSA-2020-02: Improper handling of uploaded inline images Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. * CVE-2020-1765, OSA-2020-01: Spoofing of From field in several screens An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound * run bin/otrs.Console.pl Maint::Config::Rebuild after the upgrade - Update 5.0.39 https://community.otrs.com/otrs-community-edition-5s-patch-level-39/ * CVE-2019-18180 boo#1157001 OSA-2019-15: Denial of service OTRS can be put into an endless loop by providing filenames with overly long extensions. This applies to the PostMaster (sending in email) and also upload (attaching files to mails, for example). * CVE-2019-18179 OSA-2019-14: Information Disclosure An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, which are in the queue where attacker doesn’t have permissions. Update to 5.0.38 https://community.otrs.com/release-notes-otrs-5s-patch-level-38/ * CVE-2019-16375, boo#1156431 OSA-2019-13: Stored XXS An attacker who is logged into OTRS as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent compose an answer to the original article. Update to 5.0.37 https://community.otrs.com/release-notes-otrs-5s-patch-level-37/ * CVE-2019-13458, boo#1141432, OSA-2019-12: Information Disclosure An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS tags in templates in order to disclose hashed user passwords. * CVE-2019-13457, boo#1141431, OSA-2019-11: Information Disclosure A customer user can use the search results to disclose information from their “company” tickets (with the same CustomerID), even when CustomerDisableCompanyTicketAccess setting is turned on. * CVE-2019-12746, boo#1141430, OSA-2019-10: Session ID Disclosure A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then potentially abused in order to impersonate the agent user. Update to 5.0.36 https://community.otrs.com/release-notes-otrs-5s-patch-level-36/ * CVE-2019-12497, boo#1137614, OSA-2019-09: Information Disclosure In the customer or external frontend, personal information of agents can be disclosed like Name and mail address in external notes. * CVE-2019-12248, boo#1137615, OSA-2019-08: Loading External Image Resources An attacker could send a malicious email to an OTRS system. If a logged in agent user quotes it, the email could cause the browser to load external image resources. Update to 5.0.35 https://community.otrs.com/release-notes-otrs-5s-patch-level-35/ * CVE-2019-10067, boo#1139406, OSA-2019-05: Reflected and Stored XSS An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. * CVE-2019-9892, boo#1139406, OSA-2019-04: XXE Processing An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files of OTRS filesystem. - update missing CVE for OSA-2018-10, OSA-2019-01 Update to 5.0.34 * https://community.otrs.com/release-notes-otrs-5s-patch-level-34/ * CVE-2019-9752, boo#1122560, OSA-2019-01: Stored XSS An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. Update to 5.0.33 * https://community.otrs.com/release-notes-otrs-5s-patch-level-33/ Update to 5.0.26 * https://www.otrs.com/release-notes-otrs-5s-patch-level-26 * https://www.otrs.com/release-notes-otrsitsm-module-5s-patch-level-26/ - remove obsolete * otrs-scheduler.service * otrs-scheduler.init This update was imported from the openSUSE:Leap:15.1:Update update project. Moderate SUSE bug 1122560 SUSE bug 1137614 SUSE bug 1137615 SUSE bug 1139406 SUSE bug 1141430 SUSE bug 1141431 SUSE bug 1141432 SUSE bug 1156431 SUSE bug 1157001 SUSE bug 1160663 SUSE bug 1168029 SUSE bug 1168030 SUSE bug 1168031 SUSE bug 1168032 CVE-2019-10067 CVE-2019-12248 CVE-2019-12497 CVE-2019-12746 CVE-2019-13457 CVE-2019-13458 CVE-2019-16375 CVE-2019-18179 CVE-2019-18180 CVE-2019-9752 CVE-2019-9892 CVE-2020-1765 CVE-2020-1766 CVE-2020-1769 CVE-2020-1770 CVE-2020-1771 CVE-2020-1772 CVE-2020-1773 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for fossil fixes the following issues: - fossil 2.12.1: * CVE-2020-24614: Remote authenticated users with check-in or administrative privileges could have executed arbitrary code [boo#1175760] * Security fix in the 'fossil git export' command. New 'safety-net' features were added to prevent similar problems in the future. * Enhancements to the graph display for cases when there are many cherry-pick merges into a single check-in. Example * Enhance the fossil open command with the new --workdir option and the ability to accept a URL as the repository name, causing the remote repository to be cloned automatically. Do not allow 'fossil open' to open in a non-empty working directory unless the --keep option or the new --force option is used. * Enhance the markdown formatter to more closely follow the CommonMark specification with regard to text highlighting. Underscores in the middle of identifiers (ex: fossil_printf()) no longer need to be escaped. * The markdown-to-html translator can prevent unsafe HTML (for example: <script>) on user-contributed pages like forum and tickets and wiki. The admin can adjust this behavior using the safe-html setting on the Admin/Wiki page. The default is to disallow unsafe HTML everywhere. * Added the 'collapse' and 'expand' capability for long forum posts. * The 'fossil remote' command now has options for specifying multiple persistent remotes with symbolic names. Currently only one remote can be used at a time, but that might change in the future. * Add the 'Remember me?' checkbox on the login page. Use a session cookie for the login if it is not checked. * Added the experimental 'fossil hook' command for managing 'hook scripts' that run before checkin or after a push. * Enhance the fossil revert command so that it is able to revert all files beneath a directory. * Add the fossil bisect skip command. * Add the fossil backup command. * Enhance fossil bisect ui so that it shows all unchecked check-ins in between the innermost 'good' and 'bad' check-ins. * Added the --reset flag to the 'fossil add', 'fossil rm', and 'fossil addremove' commands. * Added the '--min N' and '--logfile FILENAME' flags to the backoffice command, as well as other enhancements to make the backoffice command a viable replacement for automatic backoffice. Other incremental backoffice improvements. * Added the /fileedit page, which allows editing of text files online. Requires explicit activation by a setup user. * Translate built-in help text into HTML for display on web pages. * On the /timeline webpage, the combination of query parameters 'p=CHECKIN' and 'bt=ANCESTOR' draws all ancestors of CHECKIN going back to ANCESTOR. * Update the built-in SQLite so that the 'fossil sql' command supports new output modes '.mode box' and '.mode json'. * Add the 'obscure()' SQL function to the 'fossil sql' command. * Added virtual tables 'helptext' and 'builtin' to the 'fossil sql' command, providing access to the dispatch table including all help text, and the builtin data files, respectively. * Delta compression is now applied to forum edits. * The wiki editor has been modernized and is now Ajax-based. - Package the fossil.1 manual page. - fossil 2.11.1: * Make the 'fossil git export' command more restrictive about characters that it allows in the tag names - Add fossil-2.11-reproducible.patch to override build date (boo#1047218) Important SUSE bug 1047218 SUSE bug 1175760 CVE-2020-24614 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1176409 SUSE bug 1176412 CVE-2020-14392 CVE-2020-14393 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for virtualbox fixes the following issues: Update to Oracle version 6.1.14a. This minor update enables the building of libvirt again. Version update to 6.1.14 (released September 04 2020 by Oracle) File 'fix_virtio_build.patch' is added to fix a build problem. This is a maintenance release. The following items were fixed and/or added: GUI: Fixes file name changes in the File location field when creating Virtual Hard Disk (bug #19286) VMM: Fixed running VMs which failed to start with VERR_NEM_MISSING_KERNEL_API_2 when Hyper-V is used (bug #19779 and #19804) Audio: fix regression in HDA emulation introduced in 6.1.0 Shared Clipboard: Fixed a potential crash when copying HTML data (6.1.2 regression; bug #19226) Linux host and guest: Linux kernel version 5.8 support EFI: Fixed reading ISO9660 filesystems on attached media (6.1.0 regression; bug #19682) EFI: Support booting from drives attached to the LsiLogic SCSI and SAS controller emulations Pseudo version bump to 6.1.13, which is NOT an Oracle release. Update VB sources to run under kernel 5.8.0+ with no modifications to the kernel. These sources are derived from r85883 of the Oracle svn repository. For operations with USB{2,3}, the extension pack for revision 140056 must be installed. Once Oracle releases 6.1.14, then the extension pack and VB itself will have the same revision number. File 'fixes_for_5.8.patch' is removed as that part was fixed upstream. Fixes boo#1175201. Apply Oracle changes for kernel 5.8. Version bump to 6.1.12 (released July 14 2020 by Oracle) This is a maintenance release. The following items were fixed and/or added: File 'turn_off_cloud_net.patch' added. Fixes for CVE-2020-14628, CVE-2020-14646, CVE-2020-14647, CVE-2020-14649 CVE-2020-14713, CVE-2020-14674, CVE-2020-14675, CVE-2020-14676 CVE-2020-14677, CVE-2020-14699, CVE-2020-14711, CVE-2020-14629 CVE-2020-14703, CVE-2020-14704, CVE-2020-14648, CVE-2020-14650 CVE-2020-14673, CVE-2020-14694, CVE-2020-14695, CVE-2020-14698 CVE-2020-14700, CVE-2020-14712, CVE-2020-14707, CVE-2020-14714 CVE-2020-14715 boo#1174159. UI: Fixes for Log-Viewer search-backward icon Devices: Fixes and improvements for the BusLogic SCSI controller emulation Serial Port: Regression fixes in FIFO data handling Oracle Cloud Infrastructure integration: Experimental new type of network attachment, allowing local VM to act as if it was run in cloud API: improved resource management in the guest control functionality VBoxManage: fixed command option parsing for the 'snapshot edit' sub-command VBoxManage: Fix crash of 'VBoxManage internalcommands repairhd' when processing invalid input (bug #19579) Guest Additions, 3D: New experimental GLX graphics output Guest Additions, 3D: Fixed releasing texture objects, which could cause guest crashes Guest Additions: Fixed writes to a file on a shared folder not being reflected on the host when the file is mmap'ed and the used Linux kernel is between version 4.10.0 and 4.11.x Guest Additions: Fixed the shared folder driver on 32bit Windows 8 and newer returning an error when flushing writes to a file which is mapped into memory under rare circumstances Guest Additions: Improve resize coverage for VMSVGA graphics controller Guest Additions: Fix issues detecting guest additions ISO at runtime Guest Additions: Fixed German translation encoding for Windows GA installer Moderate SUSE bug 1114605 SUSE bug 1174075 SUSE bug 1174159 SUSE bug 1175201 CVE-2020-14628 CVE-2020-14629 CVE-2020-14646 CVE-2020-14647 CVE-2020-14648 CVE-2020-14649 CVE-2020-14650 CVE-2020-14673 CVE-2020-14674 CVE-2020-14675 CVE-2020-14676 CVE-2020-14677 CVE-2020-14694 CVE-2020-14695 CVE-2020-14698 CVE-2020-14699 CVE-2020-14700 CVE-2020-14703 CVE-2020-14704 CVE-2020-14707 CVE-2020-14711 CVE-2020-14712 CVE-2020-14713 CVE-2020-14714 CVE-2020-14715 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1175109 CVE-2020-8231 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for singularity fixes the following issues: New version 3.6.3, addresses the following security issues: - CVE-2020-25039, boo#1176705 When a Singularity action command (run, shell, exec) is run with the fakeroot or user namespace option, Singularity will extract a container image to a temporary sandbox directory. Due to insecure permissions on the temporary directory it is possible for any user with access to the system to read the contents of the image. Additionally, if the image contains a world-writable file or directory, it is possible for a user to inject arbitrary content into the running container. - CVE-2020-25040, boo#1176707 When a Singularity command that results in a container build operation is executed, it is possible for a user with access to the system to read the contents of the image during the build. Additionally, if the image contains a world-writable file or directory, it is possible for a user to inject arbitrary content into the running build, which in certain circumstances may enable arbitrary code execution during the build and/or when the built container is run. New version 3.6.2, new features / functionalities: -Add --force option to singularity delete for non-interactive workflows. -Support compilation with FORTIFY_SOURCE=2 and build in pie mode with fstack-protector enabled - Changed defaults / behaviours -Default to current architecture for singularity delete. - Bug Fixes -Respect current remote for singularity delete command. -Allow rw as a (noop) bind option. -Fix capability handling regression in overlay mount. -Fix LD_LIBRARY_PATH environment override regression with --nv/--rocm. -Fix environment variable duplication within singularity engine. -Use -user-xattrs for unsquashfs to avoid error with rootless extraction using unsquashfs 3.4 -Correct --no-home message for 3.6 CWD behavior. -Don't fail if parent of cache dir not accessible. -Fix tests for Go 1.15 Ctty handling. -Fix additional issues with test images on ARM64. -Fix FUSE e2e tests to use container ssh_config. -Provide advisory message r.e. need for upper and work to exist in overlay images. -Use squashfs mem and processor limits in squashfs gzip check. -Ensure build destination path is not an empty string - do not overwrite CWD. -Don't unset PATH when interpreting legacy /environment files. Moderate SUSE bug 1176705 SUSE bug 1176707 CVE-2020-25039 CVE-2020-25040 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium was updated to version 85.0.4183.102 (bsc#1176306) fixing: - CVE-2020-6573: Use after free in video. - CVE-2020-6574: Insufficient policy enforcement in installer. - CVE-2020-6575: Race in Mojo. - CVE-2020-6576: Use after free in offscreen canvas. - CVE-2020-15959: Insufficient policy enforcement in networking. Chromium was updated to version 85.0.4183.83 (boo#1175757) fixing: - CVE-2020-6558: Insufficient policy enforcement in iOS - CVE-2020-6559: Use after free in presentation API - CVE-2020-6560: Insufficient policy enforcement in autofill - CVE-2020-6561: Inappropriate implementation in Content Security Policy - CVE-2020-6562: Insufficient policy enforcement in Blink - CVE-2020-6563: Insufficient policy enforcement in intent handling. - CVE-2020-6564: Incorrect security UI in permissions - CVE-2020-6565: Incorrect security UI in Omnibox. - CVE-2020-6566: Insufficient policy enforcement in media. - CVE-2020-6567: Insufficient validation of untrusted input in command line handling. - CVE-2020-6568: Insufficient policy enforcement in intent handling. - CVE-2020-6569: Integer overflow in WebUSB. - CVE-2020-6570: Side-channel information leakage in WebRTC. - CVE-2020-6571: Incorrect security UI in Omnibox. Important SUSE bug 1175757 SUSE bug 1176306 SUSE bug 1176450 CVE-2020-15959 CVE-2020-6558 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libqt4 fixes the following issues: * Fix buffer over-read in read_xbm_body (boo#1176315, CVE-2020-17507) * Fix 'double free or corruption' in QXmlStreamReader (boo#1118595, CVE-2018-15518) * Fix QBmpHandler segfault on malformed BMP file boo#1118596, CVE-2018-19873) * Fix crash when parsing malformed url reference (boo#1118599, CVE-2018-19869) This update was imported from the openSUSE:Leap:15.1:Update update project. Moderate SUSE bug 1118595 SUSE bug 1118596 SUSE bug 1118599 SUSE bug 1121214 SUSE bug 1176315 CVE-2018-15518 CVE-2018-19869 CVE-2018-19873 CVE-2020-17507 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for roundcubemail fixes the following issues: roundcubemail was upgraded to 1.3.15 This is a security update to the LTS version 1.3. (boo#1175135) * Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145] * Security: Fix cross-site scripting (XSS) via HTML messages with malicious math content From 1.3.14 (boo#1173792 -> CVE-2020-15562) * Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace From 1.3.13 * Installer: Fix regression in SMTP test section (#7417) From 1.3.12 * Security: Better fix for CVE-2020-12641 (boo#1171148) * Security: Fix XSS issue in template object 'username' (#7406) * Security: Fix couple of XSS issues in Installer (#7406) * Security: Fix cross-site scripting (XSS) via malicious XML attachment From 1.3.11 (boo#1171148 -> CVE-2020-12641 boo#1171040 -> CVE-2020-12625 boo#1171149 -> CVE-2020-12640) * Enigma: Fix compatibility with Mail_Mime >= 1.10.5 * Fix permissions on some folders created by bin/install-jsdeps.sh script (#6930) * Fix bug where inline images could have been ignored if Content-Id header contained redundant spaces (#6980) * Fix PHP Warning: Use of undefined constant LOG_EMERGE (#6991) * Fix PHP warning: 'array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003) * Security: Fix XSS issue in handling of CDATA in HTML messages * Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings * Security: Fix local file inclusion (and code execution) via crafted 'plugins' option * Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302) From 1.3.10 (boo#1146286) * Managesieve: Fix so 'Create filter' option does not show up when Filters menu is disabled (#6723) * Enigma: Fix bug where revoked users/keys were not greyed out in key info * Enigma: Fix error message when trying to encrypt with a revoked key (#6607) * Enigma: Fix 'decryption oracle' bug [CVE-2019-10740] (#6638) * Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785) * Fix bug where bmp images couldn't be displayed on some systems (#6728) * Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744) * Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758) * Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746) * Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793) * Fix bug where selection of columns on messages list wasn't working * Fix bug in converting multi-page Tiff images to Jpeg (#6824) * Fix wrong messages order after returning to a multi-folder search result (#6836) * Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866) * Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898) * Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) * Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) * Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) From 1.3.9 (boo#1115718) * Fix TinyMCE download location (#6694) * Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494) * Fix handling of empty entries in vCard import (#6564) * Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577) * Fix PHP 7.2 compatibility in debug_logger plugin (#6586) * Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581) * Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599) * Fix missing CSRF token on a link to download too-big message part (#6621) * Fix bug when aborting dragging with ESC key didn't stop the move action (#6623) * Fix bug where next row wasn't selected after deleting a collapsed thread (#6655) From 1.3.8 * Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) * Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383) * Enigma: Fix deleting keys with authentication subkeys (#6381) * Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398) * Fix so Classic skin splitter does not escape out of window (#6397) * Fix XSS issue in handling invalid style tag content (#6410) * Fix compatibility with MySQL 8 - error on 'system' table use * Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422) * New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419) * Fix support for 'allow-from <uri>' in 'x_frame_options' config option (#6449) * Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) * Fix multiple VCard field search (#6466) * Fix session issue on long running requests (#6470) From 1.3.7 (boo#1115719) * Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244) * Fix bug where some parts of quota information could have been ignored (#6280) * Fix bug where some escape sequences in html styles could bypass security checks * Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names * Fix bug where only attachments with the same name would be ignored on zip download (#6301) * Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299) * Fix bug where after 'mark all folders as read' action message counters were not reset (#6307) * Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289) * Fix bug where some HTML comments could have been malformed by HTML parser (#6333) Moderate SUSE bug 1115718 SUSE bug 1115719 SUSE bug 1146286 SUSE bug 1171040 SUSE bug 1171148 SUSE bug 1171149 SUSE bug 1173792 SUSE bug 1175135 CVE-2019-10740 CVE-2020-12625 CVE-2020-12640 CVE-2020-12641 CVE-2020-15562 CVE-2020-16145 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for jasper fixes the following issues: - CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979). - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980). - CVE-2017-5499: Validate component depth bit (bsc#1020451). - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456). - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458). - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460). - CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152). - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278). - CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498). - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637). - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328). - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807). - CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1010979 SUSE bug 1010980 SUSE bug 1020451 SUSE bug 1020456 SUSE bug 1020458 SUSE bug 1020460 SUSE bug 1045450 SUSE bug 1057152 SUSE bug 1088278 SUSE bug 1114498 SUSE bug 1115637 SUSE bug 1117328 SUSE bug 1120805 SUSE bug 1120807 CVE-2016-9398 CVE-2016-9399 CVE-2017-14132 CVE-2017-5499 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 CVE-2017-9782 CVE-2018-18873 CVE-2018-19139 CVE-2018-19543 CVE-2018-20570 CVE-2018-20622 CVE-2018-9252 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ovmf fixes the following issues: - CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476). - Support more SCSI drivers (PvScsi, MptScsi and LsiScsi). (bsc#1119454) - Enable LsiScsi explicitly since it's disabled by default This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1119454 SUSE bug 1175476 CVE-2019-14562 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Update to samba 4.11.13 + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403); + dsdb: Allow 'password hash userPassword schemes = CryptSHA256' to work on RHEL7; (bso#14424); + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450); + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + lib/util: do not install 'test_util_paths'; (bso#14370); + lib:util: Fix smbclient -l basename dir; (bso#14345); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + util: Allow symlinks in directory_create_or_exist; (bso#14166); + docs: Fix documentation for require_membership_of of pam_winbind; (bso#14358); + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425); This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1176579 CVE-2020-1472 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium was updated to 85.0.4183.121 (boo#1176791): - CVE-2020-15960: Out of bounds read in storage - CVE-2020-15961: Insufficient policy enforcement in extensions - CVE-2020-15962: Insufficient policy enforcement in serial - CVE-2020-15963: Insufficient policy enforcement in extensions - CVE-2020-15965: Out of bounds write in V8 - CVE-2020-15966: Insufficient policy enforcement in extensions - CVE-2020-15964: Insufficient data validation in media Important SUSE bug 1176791 CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172177 CVE-2020-8164 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175568 CVE-2020-8027 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for pdns fixes the following issues: - Build with libmaxminddb instead of the obsolete GeoIP (boo#1156196) - CVE-2020-17482: Fixed an error that can result in leaking of uninitialised memory through crafted zone records (boo#1176535) - Backported compilation fix vs. latest Boost 1.74 (boo#1176312) Moderate SUSE bug 1156196 SUSE bug 1176312 SUSE bug 1176535 CVE-2020-17482 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for conmon, fuse-overlayfs, libcontainers-common, podman fixes the following issues: podman was updated to v2.0.6 (bsc#1175821) - install missing systemd units for the new Rest API (bsc#1175957) and a few man-pages that where missing before - Drop varlink API related bits (in favor of the new API) - fix install location for zsh completions * Fixed a bug where running systemd in a container on a cgroups v1 system would fail. * Fixed a bug where /etc/passwd could be re-created every time a container is restarted if the container's /etc/passwd did not contain an entry for the user the container was started as. * Fixed a bug where containers without an /etc/passwd file specifying a non-root user would not start. * Fixed a bug where the --remote flag would sometimes not make remote connections and would instead attempt to run Podman locally. Update to v2.0.6: * Features - Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id. - The podman system connection command has been reworked to support multiple connections, and reenabled for use! - Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance. * Changes - Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd). - Seccomp profiles specified by the --security-opt seccomp=... flag to podman create and podman run will now be honored even if the container was created using --privileged. * Bugfixes - Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964). - Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271). - Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present. - Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com//issues/7230]). - Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893). - Fixed a bug where the podman load command with remote Podman would did not honor user-specified tags (#7124). - Fixed a bug where the podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180). - Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104). - Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting. - Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128). - Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed. - Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces. - Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container. - Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image. - Fixed a bug where pod infra containers were not properly unmounted after exiting. - Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route. - Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017). - Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host. - Fixed a bug where podman build would not generate an event on completion (#7022). - Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122). - Fixed a bug where Podman would not create working directories specified by the container image if they did not exist. - Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115). - Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped). - Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123). - Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image. - Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285). - Fixed a bug where the podman version command did not properly include build time and Git commit. - Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734). - Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user. - Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103). * API - Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185). - Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197). - Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found. - Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping). - Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294). - Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value. - The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally. - Change hard requires for AppArmor to Recommends. They are not needed for runtime or with SELinux but already installed if AppArmor is used [jsc#SMO-15] - Add BuildRequires for pkg-config(libselinux) to build with SELinux support [jsc#SMO-15] Update to v2.0.4 * Fixed a bug where the output of podman image search did not populate the Description field as it was mistakenly assigned to the ID field. * Fixed a bug where podman build - and podman build on an HTTP target would fail. * Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes (#7130). * Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output. * Fixed a bug where the podman start --attach --interactive command would print the container ID of the container attached to when exiting (#7068). * Fixed a bug where podman run --ipc=host --pid=host would only set --pid=host and not --ipc=host (#7100). * Fixed a bug where the --publish argument to podman run, podman create and podman pod create would not allow binding the same container port to more than one host port (#7062). * Fixed a bug where incorrect arguments to podman images --format could cause Podman to segfault. * Fixed a bug where podman rmi --force on an image ID with more than one name and at least one container using the image would not completely remove containers using the image (#7153). * Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of podman stats --format=json. * Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified (#7078). * Fixed a bug where the CgroupVersion field in responses from the compat Info endpoint was prefixed by 'v' (instead of just being '1' or '2', as is documented). - Suggest katacontainers instead of recommending it. It's not enabled by default, so it's just bloat Update to v2.0.3 * Fix handling of entrypoint * log API: add context to allow for cancelling * fix API: Create container with an invalid configuration * Remove all instances of named return 'err' from Libpod * Fix: Correct connection counters for hijacked connections * Fix: Hijacking v2 endpoints to follow rfc 7230 semantics * Remove hijacked connections from active connections list * version/info: format: allow more json variants * Correctly print STDOUT on non-terminal remote exec * Fix container and pod create commands for remote create * Mask out /sys/dev to prevent information leak from the host * Ensure sig-proxy default is propagated in start * Add SystemdMode to inspect for containers * When determining systemd mode, use full command * Fix lint * Populate remaining unused fields in `pod inspect` * Include infra container information in `pod inspect` * play-kube: add suport for 'IfNotPresent' pull type * docs: user namespace can't be shared in pods * Fix 'Error: unrecognized protocol \'TCP\' in port mapping' * Error on rootless mac and ip addresses * Fix & add notes regarding problematic language in codebase * abi: set default umask and rlimits * Used reference package with errors for parsing tag * fix: system df error when an image has no name * Fix Generate API title/description * Add noop function disable-content-trust * fix play kube doesn't override dockerfile ENTRYPOINT * Support default profile for apparmor * Bump github.com/containers/common to v0.14.6 * events endpoint: backwards compat to old type * events endpoint: fix panic and race condition * Switch references from libpod.conf to containers.conf * podman.service: set type to simple * podman.service: set doc to podman-system-service * podman.service: use default registries.conf * podman.service: use default killmode * podman.service: remove stop timeout * systemd: symlink user->system * vendor golang.org/x/text@v0.3.3 * Fix a bug where --pids-limit was parsed incorrectly * search: allow wildcards * [CI:DOCS]Do not copy policy.json into gating image * Fix systemd pid 1 test * Cirrus: Rotate keys post repo. rename * The libpod.conf(5) man page got removed and all references are now pointing towards containers.conf(5), which will be part of the libcontainers-common package. Update to podman v2.0.2 * fix race condition in `libpod.GetEvents(...)` * Fix bug where `podman mount` didn't error as rootless * remove podman system connection * Fix imports to ensure v2 is used with libpod * Update release notes for v2.0.2 * specgen: fix order for setting rlimits * Ensure umask is set appropriately for 'system service' * generate systemd: improve pod-flags filter * Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil * Fixes --remote flag issues * Pids-limit should only be set if the user set it * Set console mode for windows * Allow empty host port in --publish flag * Add a note on the APIs supported by `system service` * fix: Don't override entrypoint if it's `nil` * Set TMPDIR to /var/tmp by default if not set * test: add tests for --user and volumes * container: move volume chown after spec generation * libpod: volume copyup honors namespace mappings * Fix `system service` panic from early hangup in events * stop podman service in e2e tests * Print errors from individual containers in pods * auto-update: clarify systemd-unit requirements * podman ps truncate the command * move go module to v2 * Vendor containers/common v0.14.4 * Bump to imagebuilder v1.1.6 on v2 branch * Account for non-default port number in image name - Changes since v2.0.1 * Update release notes with further v2.0.1 changes * Fix inspect to display multiple label: changes * Set syslog for exit commands on log-level=debug * Friendly amendment for pr 6751 * podman run/create: support all transports * systemd generate: allow manual restart of container units in pods * Revert sending --remote flag to containers * Print port mappings in `ps` for ctrs sharing network * vendor github.com/containers/common@v0.14.3 * Update release notes for v2.0.1 * utils: drop default mapping when running uid!=0 * Set stop signal to 15 when not explicitly set * podman untag: error if tag doesn't exist * Reformat inspect network settings * APIv2: Return `StatusCreated` from volume creation * APIv2:fix: Remove `/json` from compat network EPs * Fix ssh-agent support * libpod: specify mappings to the storage * APIv2:doc: Fix swagger doc to refer to volumes * Add podman network to bash command completions * Fix typo in manpage for `podman auto update`. * Add JSON output field for ps * V2 podman system connection * image load: no args required * Re-add PODMAN_USERNS environment variable * Fix conflicts between privileged and other flags * Bump required go version to 1.13 * Add explicit command to alpine container in test case. * Use POLL_DURATION for timer * Stop following logs using timers * 'pod' was being truncated to 'po' in the names of the generated systemd unit files. * rootless_linux: improve error message * Fix podman build handling of --http-proxy flag * correct the absolute path of `rm` executable * Makefile: allow customizable GO_BUILD * Cirrus: Change DEST_BRANCH to v2.0 Update to podman v2.0.0 * The `podman generate systemd` command now supports the `--new` flag when used with pods, allowing portable services for pods to be created. * The `podman play kube` command now supports running Kubernetes Deployment YAML. * The `podman exec` command now supports the `--detach` flag to run commands in the container in the background. * The `-p` flag to `podman run` and `podman create` now supports forwarding ports to IPv6 addresses. * The `podman run`, `podman create` and `podman pod create` command now support a `--replace` flag to remove and replace any existing container (or, for `pod create`, pod) with the same name * The `--restart-policy` flag to `podman run` and `podman create` now supports the `unless-stopped` restart policy. * The `--log-driver` flag to `podman run` and `podman create` now supports the `none` driver, which does not log the container's output. * The `--mount` flag to `podman run` and `podman create` now accepts `readonly` option as an alias to `ro`. * The `podman generate systemd` command now supports the `--container-prefix`, `--pod-prefix`, and `--separator` arguments to control the name of generated unit files. * The `podman network ls` command now supports the `--filter` flag to filter results. * The `podman auto-update` command now supports specifying an authfile to use when pulling new images on a per-container basis using the `io.containers.autoupdate.authfile` label. * Fixed a bug where the `podman exec` command would log to journald when run in containers loggined to journald ([#6555](https://github.com/containers/libpod/issues/6555)). * Fixed a bug where the `podman auto-update` command would not preserve the OS and architecture of the original image when pulling a replacement ([#6613](https://github.com/containers/libpod/issues/6613)). * Fixed a bug where the `podman cp` command could create an extra `merged` directory when copying into an existing directory ([#6596](https://github.com/containers/libpod/issues/6596)). * Fixed a bug where the `podman pod stats` command would crash on pods run with `--network=host` ([#5652](https://github.com/containers/libpod/issues/5652)). * Fixed a bug where containers logs written to journald did not include the name of the container. * Fixed a bug where the `podman network inspect` and `podman network rm` commands did not properly handle non-default CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)). * Fixed a bug where Podman did not properly remove containers when using the Kata containers OCI runtime. * Fixed a bug where `podman inspect` would sometimes incorrectly report the network mode of containers started with `--net=none`. * Podman is now better able to deal with cases where `conmon` is killed before the container it is monitoring. Update to podman v1.9.3: * Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets were not properly mounted into containers * Fixed a bug where builds run over Varlink would hang * Fixed a bug where podman save would fail when the target image was specified by digest * Fixed a bug where rootless containers with ports forwarded to them could panic and dump core due to a concurrency issue (#6018) * Fixed a bug where rootless Podman could race when opening the rootless user namespace, resulting in commands failing to run * Fixed a bug where HTTP proxy environment variables forwarded into the container by the --http-proxy flag could not be overridden by --env or --env-file * Fixed a bug where rootless Podman was setting resource limits on cgroups v2 systems that were not using systemd-managed cgroups (and thus did not support resource limits), resulting in containers failing to start Update podman to v1.9.1: * Bugfixes - Fixed a bug where healthchecks could become nonfunctional if container log paths were manually set with --log-path and multiple container logs were placed in the same directory - Fixed a bug where rootless Podman could, when using an older libpod.conf, print numerous warning messages about an invalid CGroup manager config - Fixed a bug where rootless Podman would sometimes fail to close the rootless user namespace when joining it Update podman to v1.9.0: * Features - Experimental support has been added for podman run --userns=auto, which automatically allocates a unique UID and GID range for the new container's user namespace - The podman play kube command now has a --network flag to place the created pod in one or more CNI networks - The podman commit command now supports an --iidfile flag to write the ID of the committed image to a file - Initial support for the new containers.conf configuration file has been added. containers.conf allows for much more detailed configuration of some Podman functionality * Changes - There has been a major cleanup of the podman info command resulting in breaking changes. Many fields have been renamed to better suit usage with APIv2 - All uses of the --timeout flag have been switched to prefer the alternative --time. The --timeout flag will continue to work, but man pages and --help will use the --time flag instead * Bugfixes - Fixed a bug where some volume mounts from the host would sometimes not properly determine the flags they should use when mounting - Fixed a bug where Podman was not propagating $PATH to Conmon and the OCI runtime, causing issues for some OCI runtimes that required it - Fixed a bug where rootless Podman would print error messages about missing support for systemd cgroups when run in a container with no cgroup support - Fixed a bug where podman play kube would not properly handle container-only port mappings (#5610) - Fixed a bug where the podman container prune command was not pruning containers in the created and configured states - Fixed a bug where Podman was not properly removing CNI IP address allocations after a reboot (#5433) - Fixed a bug where Podman was not properly applying the default Seccomp profile when --security-opt was not given at the command line * HTTP API - Many Libpod API endpoints have been added, including Changes, Checkpoint, Init, and Restore - Resolved issues where the podman system service command would time out and exit while there were still active connections - Stability overall has greatly improved as we prepare the API for a beta release soon with Podman 2.0 * Misc - The default infra image for pods has been upgraded to k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the architecture metadata for non-AMD64 images - The slirp4netns networking utility in rootless Podman now uses Seccomp filtering where available for improved security - Updated Buildah to v1.14.8 - Updated containers/storage to v1.18.2 - Updated containers/image to v5.4.3 - Updated containers/common to v0.8.1 - Add 'systemd' BUILDFLAGS to build with support for journald logging (bsc#1162432) Update podman to v1.8.2: * Features - Initial support for automatically updating containers managed via Systemd unit files has been merged. This allows containers to automatically upgrade if a newer version of their image becomes available * Bugfixes - Fixed a bug where unit files generated by podman generate systemd --new would not force containers to detach, causing the unit to time out when trying to start - Fixed a bug where podman system reset could delete important system directories if run as rootless on installations created by older Podman (#4831) - Fixed a bug where image built by podman build would not properly set the OS and Architecture they were built with (#5503) - Fixed a bug where attached podman run with --sig-proxy enabled (the default), when built with Go 1.14, would repeatedly send signal 23 to the process in the container and could generate errors when the container stopped (#5483) - Fixed a bug where rootless podman run commands could hang when forwarding ports - Fixed a bug where rootless Podman would not work when /proc was mounted with the hidepid option set - Fixed a bug where the podman system service command would use large amounts of CPU when --timeout was set to 0 (#5531) * HTTP API - Initial support for Libpod endpoints related to creating and operating on image manifest lists has been added - The Libpod Healthcheck and Events API endpoints are now supported - The Swagger endpoint can now handle cases where no Swagger documentation has been generated Update podman to v1.8.1: * Features - Many networking-related flags have been added to podman pod create to enable customization of pod networks, including --add-host, --dns, --dns-opt, --dns-search, --ip, --mac-address, --network, and --no-hosts - The podman ps --format=json command now includes the ID of the image containers were created with - The podman run and podman create commands now feature an --rmi flag to remove the image the container was using after it exits (if no other containers are using said image) ([#4628](https://github.com/containers/libpod/issues/4628)) - The podman create and podman run commands now support the --device-cgroup-rule flag (#4876) - While the HTTP API remains in alpha, many fixes and additions have landed. These are documented in a separate subsection below - The podman create and podman run commands now feature a --no-healthcheck flag to disable healthchecks for a container (#5299) - Containers now recognize the io.containers.capabilities label, which specifies a list of capabilities required by the image to run. These capabilities will be used as long as they are more restrictive than the default capabilities used - YAML produced by the podman generate kube command now includes SELinux configuration passed into the container via --security-opt label=... (#4950) * Bugfixes - Fixed CVE-2020-1726, a security issue where volumes manually populated before first being mounted into a container could have those contents overwritten on first being mounted into a container - Fixed a bug where Podman containers with user namespaces in CNI networks with the DNS plugin enabled would not have the DNS plugin's nameserver added to their resolv.conf ([#5256](https://github.com/containers/libpod/issues/5256)) - Fixed a bug where trailing / characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location ([#5219](https://github.com/containers/libpod/issues/5219)) - Fixed a bug where the label option in libpod.conf, used to disable SELinux by default, was not being respected (#5087) - Fixed a bug where the podman login and podman logout commands required the registry to log into be specified (#5146) - Fixed a bug where detached rootless Podman containers could not forward ports (#5167) - Fixed a bug where rootless Podman could fail to run if the pause process had died - Fixed a bug where Podman ignored labels that were specified with only a key and no value (#3854) - Fixed a bug where Podman would fail to create named volumes when the backing filesystem did not support SELinux labelling (#5200) - Fixed a bug where --detach-keys='' would not disable detaching from a container (#5166) - Fixed a bug where the podman ps command was too aggressive when filtering containers and would force --all on in too many situations - Fixed a bug where the podman play kube command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174) - Fixed a bug where the Created and CreatedTime fields in podman images --format=json were misnamed, which also broke Go template output for those fields ([#5110](https://github.com/containers/libpod/issues/5110)) - Fixed a bug where rootless Podman containers with ports forwarded could hang when started (#5182) - Fixed a bug where podman pull could fail to parse registry names including port numbers - Fixed a bug where Podman would incorrectly attempt to validate image OS and architecture when starting containers - Fixed a bug where Bash completion for podman build -f would not list available files that could be built (#3878) - Fixed a bug where podman commit --change would perform incorrect validation, resulting in valid changes being rejected (#5148) - Fixed a bug where podman logs --tail could take large amounts of memory when the log file for a container was large (#5131) - Fixed a bug where Podman would sometimes incorrectly generate firewall rules on systems using firewalld - Fixed a bug where the podman inspect command would not display network information for containers properly if a container joined multiple CNI networks ([#4907](https://github.com/containers/libpod/issues/4907)) - Fixed a bug where the --uts flag to podman create and podman run would only allow specifying containers by full ID (#5289) - Fixed a bug where rootless Podman could segfault when passed a large number of file descriptors - Fixed a bug where the podman port command was incorrectly interpreting additional arguments as container names, instead of port numbers - Fixed a bug where units created by podman generate systemd did not depend on network targets, and so could start before the system network was ready (#4130) - Fixed a bug where exec sessions in containers which did not specify a user would not inherit supplemental groups added to the container via --group-add - Fixed a bug where Podman would not respect the $TMPDIR environment variable for placing large temporary files during some operations (e.g. podman pull) ([#5411](https://github.com/containers/libpod/issues/5411)) * HTTP API - Initial support for secure connections to servers via SSH tunneling has been added - Initial support for the libpod create and logs endpoints for containers has been added - Added a /swagger/ endpoint to serve API documentation - The json endpoint for containers has received many fixes - Filtering images and containers has been greatly improved, with many bugs fixed and documentation improved - Image creation endpoints (commit, pull, etc) have seen many fixes - Server timeout has been fixed so that long operations will no longer trigger the timeout and shut the server down - The stats endpoint for containers has seen major fixes and now provides accurate output - Handling the HTTP 304 status code has been fixed for all endpoints - Many fixes have been made to API documentation to ensure it matches the code * Misc - The Created field to podman images --format=json has been renamed to CreatedSince as part of the fix for (#5110). Go templates using the old name shou ld still work - The CreatedTime field to podman images --format=json has been renamed to CreatedAt as part of the fix for (#5110). Go templates using the old name should still work - The before filter to podman images has been renamed to since for Docker compatibility. Using before will still work, but documentation has been changed to use the new since filter - Using the --password flag to podman login now warns that passwords are being passed in plaintext - Some common cases where Podman would deadlock have been fixed to warn the user that podman system renumber must be run to resolve the deadlock - Configure br_netfilter for podman automatically (bsc#1165738) The trigger is only excuted when updating podman-cni-config while the command was running conmon was update to v2.0.20 (bsc#1175821) - journald: fix logging container name - container logging: Implement none driver - 'off', 'null' or 'none' all work. - ctrl: warn if we fail to unlink - Drop fsync calls - Reap PIDs before running exit command - Fix log path parsing - Add --sync option to prevent conmon from double forking - Add --no-sync-log option to instruct conmon to not sync the logs of the containers upon shutting down. This feature fixes a regression where we unconditionally dropped the log sync. It is possible the container logs could be corrupted on a sudden power-off. If you need container logs to remain in consistent state after a sudden shutdown, please update from v2.0.19 to v2.0.20 - Update to v2.0.17: - Add option to delay execution of exit command - Update to v2.0.16: - tty: flush pending data when fd is ready - Enable support for journald logging (bsc#1162432) - Update to v2.0.15: - store status while waiting for pid - Update to v2.0.14: - drop usage of splice(2) - avoid hanging on stdin - stdio: sometimes quit main loop after io is done - ignore sigpipe - Update to v2.0.12 - oom: fix potential race between verification steps - Update to v2.0.11 - log: reject --log-tag with k8s-file - chmod std files pipes - adjust score to -1000 to prevent conmon from ever being OOM killed - container OOM: verify cgroup hasn't been cleaned up before reporting OOM - journal logging: write to /dev/null instead of -1 fuse-overlayfs was updated to 1.1.2 (bsc#1175821): - fix memory leak when creating whiteout files. - fix lookup for overflow uid when it is different than the overflow gid. - use openat2(2) when available. - accept 'ro' as mount option. - fix set mtime for a symlink. - fix some issues reported by static analysis. - fix potential infinite loop on a short read. - fix creating a directory if the destination already exists in the upper layer. - report correctly the number of links for a directory also for subsequent stat calls - stop looking up the ino in the lower layers if the file could not be opened - make sure the destination is deleted before doing a rename(2). It prevents a left over directory to cause delete to fail with EEXIST. - honor --debug. libcontainers-common was updated to fix: - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Added containers/common tarball for containers.conf(5) man page - Install containers.conf default configuration in /usr/share/containers - libpod repository on github got renamed to podman - Update to image 5.5.1 - Add documentation for credHelpera - Add defaults for using the rootless policy path - Update libpod/podman to 2.0.3 - docs: user namespace can't be shared in pods - Switch references from libpod.conf to containers.conf - Allow empty host port in --publish flag - update document login see config.json as valid - Update storage to 1.20.2 - Add back skip_mount_home - Remove remaining difference between SLE and openSUSE package and ship the some mounts.conf default configuration on both platforms. As the sources for the mount point do not exist on openSUSE by default this config will basically have no effect on openSUSE. (jsc#SLE-12122, bsc#1175821) - Update to image 5.4.4 - Remove registries.conf VERSION 2 references from man page - Intial authfile man page - Add $HOME/.config/containers/certs.d to perHostCertDirPath - Add $HOME/.config/containers/registries.conf to config path - registries.conf.d: add stances for the registries.conf - update to libpod 1.9.3 - userns: support --userns=auto - Switch to using --time as opposed to --timeout to better match Docker - Add support for specifying CNI networks in podman play kube - man pages: fix inconsistencies - Update to storage 1.19.1 - userns: add support for auto - store: change the default user to containers - config: honor XDG_CONFIG_HOME - Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again. It never ended up in SLES and a different way to fix the underlying problem is being worked on. - Add registry.opensuse.org as default registry [bsc#1171578] - Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts. This for making container-suseconnect working in the public cloud on-demand images. It needs that file for being able to verify the server certificates of the RMT servers hosted in the public cloud. (https://github.com/SUSE/container-suseconnect/issues/41) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1162432 SUSE bug 1164090 SUSE bug 1165738 SUSE bug 1171578 SUSE bug 1174075 SUSE bug 1175821 SUSE bug 1175957 CVE-2020-1726 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for bcm43xx-firmware fixes the following issues: - Update bluetooth firmware to address Sweyntooth and Spectra issues (bsc#1176631): - brcmfmac driver loads file depending on compatible. Rename files correspondingly. (bsc#1169094) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1169094 SUSE bug 1176631 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tiff fixes the following issues: - CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1146608 CVE-2019-14973 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Fixed various issues discovered by fuzzing: - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515): This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1172515 SUSE bug 1176315 CVE-2020-17507 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: -Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1167976 SUSE bug 1173986 SUSE bug 1174420 SUSE bug 1176756 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for brotli fixes the following issues: brotli was updated to 1.0.9: * CVE-2020-8927: Fix integer overflow when input chunk is longer than 2GiB [boo#1175825] * `brotli -v` now reports raw / compressed size * decoder: minor speed / memory usage improvements * encoder: fix rare access to uninitialized data in ring-buffer Moderate SUSE bug 1175825 CVE-2020-8927 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0404: In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176423). - CVE-2020-0427: In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176725). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176722). - CVE-2020-0432: In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176721). - CVE-2020-14385: Fixed a boundary test in xfs_attr_shortform_verify which could lead to crashes (bsc#1176137). - CVE-2020-14390: When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1176235). - CVE-2020-2521: Fixed a getxattr kernel panic and memory overflow in NFS4(bsc#1176381). - CVE-2020-25284: Require global CAP_SYS_ADMIN for mapping and unmapping rbd devices (bsc#1176543). - CVE-2020-26088: A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a (bnc#1176990). The following non-security bugs were fixed: - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda: fixup headset for ASUS GX502 laptop (git-fixes). - ALSA: hda: hdmi - add Rocketlake support (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - ALSA: hda/realtek - The Mic on a RedmiBook does not work (git-fixes). - ALSA: hda/tegra: Program WAKEEN register for Tegra (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for UR22C (git-fixes). - ALSA: usb-audio: Disable autosuspend for Lenovo ThinkStation P620 (git-fixes). - arm64: paravirt: Initialize steal time when cpu is online (bsc#1176833). - ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt (git-fixes). - ASoC: img-parallel-out: Fix a reference count leak (git-fixes). - ASoC: meson: axg-toddr: fix channel order on g12 platforms (git-fixes). - ASoC: qcom: common: Fix refcount imbalance on error (git-fixes). - ASoC: qcom: Set card->owner to avoid warnings (git-fixes). - ASoC: SOF: Intel: add PCI ID for CometLake-S (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ata: ahci: use ata_link_info() instead of ata_link_printk() (jsc#SLE-14459). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: Fix own OGM check in aggregated OGMs (git-fixes). - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - bcache: Convert pr_&lt;level> uses to a more typical style (git fixes (block drivers)). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - bluetooth: btrtl: Add support for RTL8761B (bsc#1177021). - bnxt: do not enable NAPI until rings are ready (git-fixes). - bnxt_en: Check for zero dir entries in NVRAM (git-fixes). - bnxt_en: Do not query FW when netif_running() is false (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bnxt_en: fix HWRM error when querying VF temperature (git-fixes). - bnxt_en: Fix PCI AER error recovery flow (git-fixes). - bnxt_en: Fix possible crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix race when modifying pause settings (networking-stable-20_07_29). - bonding: check error value of register_netdevice() immediately (networking-stable-20_07_29). - bonding: check return value of register_netdevice() in bond_newlink() (networking-stable-20_07_29). - bonding: fix a potential double-unregister (git-fixes). - bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1155518). - bpf: map_seq_next should always increase position index (bsc#1155518). - btrfs: add a leak check for roots (bsc#1176019). - btrfs: add __cold attribute to more functions (bsc#1176019). - btrfs: add dedicated members for start and length of a block group (bsc#1176019). - btrfs: Add read_backup_root (bsc#1176019). - btrfs: block-group: Refactor btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: Reuse the item key from caller of read_one_block_group() (bsc#1176019). - btrfs: Cleanup and simplify find_newest_super_backup (bsc#1176019). - btrfs: clear DEAD_RELOC_TREE before dropping the reloc root (bsc#1176019). - btrfs: do not init a reloc root if we are not relocating (bsc#1176019). - btrfs: Do not use objectid_mutex during mount (bsc#1176019). - btrfs: drop block from cache on error in relocation (bsc#1176019). - btrfs: drop create parameter to btrfs_get_extent() (bsc#1176019). - btrfs: drop unused parameter is_new from btrfs_iget (bsc#1176019). - btrfs: export and rename free_fs_info (bsc#1176019). - btrfs: export and use btrfs_read_tree_root for tree-log (bsc#1176019). - btrfs: Factor out tree roots initialization during mount (bsc#1176019). - btrfs: fix setting last_trans for reloc roots (bsc#1176019). - btrfs: free more things in btrfs_free_fs_info (bsc#1176019). - btrfs: free the reloc_control in a consistent way (bsc#1176019). - btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root (bsc#1176019). - btrfs: hold a ref for the root in btrfs_find_orphan_roots (bsc#1176019). - btrfs: hold a ref on fs roots while they're in the radix tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_check_uuid_tree_entry (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_send (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_log_trees (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_relocation (bsc#1176019). - btrfs: hold a ref on the root in __btrfs_run_defrag_inode (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree_user (bsc#1176019). - btrfs: hold a ref on the root in build_backref_tree (bsc#1176019). - btrfs: hold a ref on the root in create_pending_snapshot (bsc#1176019). - btrfs: hold a ref on the root in create_reloc_inode (bsc#1176019). - btrfs: hold a ref on the root in create_subvol (bsc#1176019). - btrfs: hold a ref on the root in find_data_references (bsc#1176019). - btrfs: hold a ref on the root in fixup_tree_root_location (bsc#1176019). - btrfs: hold a ref on the root in get_subvol_name_from_objectid (bsc#1176019). - btrfs: hold a ref on the root in merge_reloc_roots (bsc#1176019). - btrfs: hold a ref on the root in open_ctree (bsc#1176019). - btrfs: hold a ref on the root in prepare_to_merge (bsc#1176019). - btrfs: hold a ref on the root in record_reloc_root_in_trans (bsc#1176019). - btrfs: hold a ref on the root in resolve_indirect_ref (bsc#1176019). - btrfs: hold a ref on the root in scrub_print_warning_inode (bsc#1176019). - btrfs: hold a ref on the root in search_ioctl (bsc#1176019). - btrfs: hold a ref on the root->reloc_root (bsc#1176019). - btrfs: hold a root ref in btrfs_get_dentry (bsc#1176019). - btrfs: hold ref on root in btrfs_ioctl_default_subvol (bsc#1176019). - btrfs: implement full reflink support for inline extents (bsc#1176019). - btrfs: make btrfs_find_orphan_roots use btrfs_get_fs_root (bsc#1176019). - btrfs: make relocation use btrfs_read_tree_root() (bsc#1176019). - btrfs: make the fs root init functions static (bsc#1176019). - btrfs: make the init of static elements in fs_info separate (bsc#1176019). - btrfs: move all reflink implementation code into its own file (bsc#1176019). - btrfs: move block_group_item::flags to block group (bsc#1176019). - btrfs: move block_group_item::used to block group (bsc#1176019). - btrfs: move fs_info init work into it's own helper function (bsc#1176019). - btrfs: move fs root init stuff into btrfs_init_fs_root (bsc#1176019). - btrfs: open code btrfs_read_fs_root_no_name (bsc#1176019). - btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root (bsc#1176019). - btrfs: push grab_fs_root into read_fs_root (bsc#1176019). - btrfs: push __setup_root into btrfs_alloc_root (bsc#1176019). - btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1176019). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1176019). - btrfs: Remove block_rsv parameter from btrfs_drop_snapshot (bsc#1176019). - btrfs: remove btrfs_read_fs_root, not used anymore (bsc#1176019). - btrfs: remove embedded block_group_cache::item (bsc#1176019). - btrfs: Remove newest_gen argument from find_oldest_super_backup (bsc#1176019). - btrfs: Remove unused next_root_backup function (bsc#1176019). - btrfs: rename block_group_item on-stack accessors to follow naming (bsc#1176019). - btrfs: rename btrfs_block_group_cache (bsc#1176019). - btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root (bsc#1176019). - btrfs: rename extent buffer block group item accessors (bsc#1176019). - btrfs: Rename find_oldest_super_backup to init_backup_root_slot (bsc#1176019). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: reset tree root pointer after error in init_tree_roots (bsc#1176019). - btrfs: simplify inline extent handling when doing reflinks (bsc#1176019). - btrfs: stop clearing EXTENT_DIRTY in inode I/O tree (bsc#1176019). - btrfs: Streamline btrfs_fs_info::backup_root_index semantics (bsc#1176019). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - btrfs: unset reloc control if we fail to recover (bsc#1176019). - btrfs: use bool argument in free_root_pointers() (bsc#1176019). - btrfs: use btrfs_block_group_cache_done in update_block_group (bsc#1176019). - btrfs: use btrfs_put_fs_root to free roots always (bsc#1176019). - ceph: do not allow setlease on cephfs (bsc#1176537). - ceph: fix potential mdsc use-after-free crash (bsc#1176538). - ceph: fix use-after-free for fsc->mdsc (bsc#1176539). - ceph: handle zero-length feature mask in session messages (bsc#1176540). - ceph: set sec_context xattr on symlink creation (bsc#1176541). - ceph: use frag's MDS in either mode (bsc#1176542). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: davinci: Use the correct size when allocating memory (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - cxgb4: fix thermal zone device registration (git-fixes). - dax: do not print error message for non-persistent memory block device (bsc#1171073). - dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#1171073). - debugfs: Fix module state check condition (bsc#1173746). - debugfs: Fix module state check condition (git-fixes). - dev: Defer free of skbs in flush_backlog (networking-stable-20_07_29). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - dmaengine: acpi: Put the CSRT table after using it (git-fixes). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: dw-edma: Fix scatter-gather address calculation (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dm: do not call report zones for more than the user requested (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (networking-stable-20_08_08). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996). - driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (bsc#1176486 ltc#188130). - drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amd/display: Switch to immediate mode for updating infopackets (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu/gfx10: refine mgcg setting (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct the thermal alert temperature limit settings (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega20 swctf limit setting (git-fixes). - drm/amd/powerplay: correct UVD/VCE PG state on custom pptable uploading (git-fixes). - drm/amd/powerplay: correct Vega20 cached smu feature state (git-fixes). - drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1152472) - drm/mgag200: Remove declaration of mgag200_mmap() from header file (bsc#1152472) - drm/msm/a6xx: fix crashdec section name typo (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm/gpu: make ringbuffer readonly (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/sched: Fix passing zero to 'PTR_ERR' warning v2 (git-fixes). - drm/sun4i: add missing put_device() call in (bsc#1152472) - drm/sun4i: backend: Disable alpha on the lowest plane on the A20 (bsc#1152472) - drm/sun4i: backend: Support alpha property on lowest plane (bsc#1152472) - drm/sun4i: Fix dsi dcs long write function (bsc#1152472) - drm/virtio: fix missing dma_fence_put() in (bsc#1152489) - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - EDAC/amd64: Add AMD family 17h model 60h PCI IDs (bsc#1152489). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1152489). - EDAC: Fix reference count leaks (bsc#1152489). - efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc#1174111). - efi: avoid error message when booting under Xen (bsc#1172419). - efi/efivars: Expose RT service availability via efivars abstraction (bsc#1174029, bsc#1174110, bsc#1174111). - efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#1173267). - efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Register EFI rtc platform device only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Store mask of supported runtime services in struct efi (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use more granular check for availability for variable services (bsc#1174029, bsc#1174110, bsc#1174111). - enetc: Remove the mdio bus on PF probe bailout (networking-stable-20_07_29). - epoll: atomically remove wait entry on wake up (bsc#1176236). - epoll: call final ep_events_available() check under the lock (bsc#1176237). - ext4: handle read only external journal device (bsc#1176063). - fbcon: prevent user font height or width change from causing potential out-of-bounds access (git-fixes). - fbmem: pull fbcon_update_vcs() out of fb_set_var() (git-fixes). - felix: Fix initialization of ioremap resources (bsc#1175997). - Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - HID: core: Add printk_once variants to hid_warn() etc (bsc#1176775). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: core: fix dmesg flooding if report field larger than 32bit (bsc#1176775). - HID: core: reformat and reduce hid_printk macros (bsc#1176775). - HID: core: Sanitize event code and type when mapping input (git-fixes). - HID: elan: Fix memleak in elan_input_configured (git-fixes). - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands (git-fixes). - HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller (git-fixes). - HID: quirks: add NOGET quirk for Logitech GROUP (git-fixes). - HID: quirks: Always poll three more Lenovo PixArt mice (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:accel:mma8452: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio:adc:ti-adc084s021 Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio:chemical:ccs811: Fix timestamp alignment and prevent data leak (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - iio:proximity:mb1232: Fix timestamp alignment and prevent data leak (git-fixes). - include/asm-generic/vmlinux.lds.h: align ro_after_init (git-fixes). - include/linux/bitops.h: avoid clang shift-count-overflow warnings (git-fixes). - include/linux/poison.h: remove obsolete comment (git-fixes). - infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - initramfs: remove clean_rootfs (git-fixes). - initramfs: remove the populate_initrd_image and clean_rootfs stubs (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - integrity: Check properly whether EFI GetVariable() is available (bsc#1174029, bsc#1174110, bsc#1174111). - iommu/amd: Do not force direct mapping when SME is active (bsc#1174358). - iommu/amd: Do not use IOMMUv2 functionality when SME is active (bsc#1174358). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176357). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176358). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176359). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176360). - iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361). - iommu/vt-d: Handle 36bit addressing for x86-32 (bsc#1176362). - iommu/vt-d: Handle non-page aligned address (bsc#1176367). - iommu/vt-d: Remove global page support in devTLB flush (bsc#1176363). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176364). - iommu/vt-d: Support flushing more translation cache types (bsc#1176365). - ipv4: Silence suspicious RCU usage warning (networking-stable-20_08_08). - ipv6: fix memory leaks on IPV6_ADDRFORM path (networking-stable-20_08_08). - ipv6: Fix nexthop refcnt leak when creating ipv6 route info (networking-stable-20_08_08). - irqdomain/treewide: Free firmware node after domain removal (git-fixes). - irqdomain/treewide: Keep firmware node unconditionally allocated (git-fixes). - kABI: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111). - kABI: net: dsa: microchip: call phy_remove_link_mode during probe (kabi). - kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/ - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks (jsc#SLE-14459). - libbpf: Fix readelf output parsing for Fedora (bsc#1155518). - libbpf: Fix readelf output parsing on powerpc with recent binutils (bsc#1155518). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly. - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: cedrus: Add missing v4l2_ctrl_request_hdl_put() (git-fixes). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: gpio-ir-tx: improve precision of transmitted signal due to scheduling (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - mei: fix CNL itouch device number to match the spec (bsc#1175952). - mei: me: disable mei interface on LBG servers (bsc#1175952). - mei: me: disable mei interface on Mehlow server platforms (bsc#1175952). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mlx4: disable device on shutdown (git-fixes). - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (networking-stable-20_07_29). - mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings (git-fixes). - mmc: mediatek: add optional module reset property (git-fixes). - mmc: sdhci-acpi: Clear amd_sdhci_host on reset (git-fixes). - mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-of-esdhc: Do not walk device-tree on every interrupt (git-fixes). - mmc: sdio: Use mmc_pre_req() / mmc_post_req() (git-fixes). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/pgalloc)). - mm/page_alloc: silence a KASAN false positive (git fixes (mm/pgalloc)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/shuffle: do not move pages between zones and do not read garbage memmaps (git fixes (mm/pgalloc)). - mm/sparse: rename pfn_present() to pfn_in_present_section() (git fixes (mm/pgalloc)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - move to sorted section: patches.suse/x86-asm-64-Align-start-of-__clear_user-loop-to-16-by.patch - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration (networking-stable-20_07_29). - net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998). - net: dsa: microchip: call phy_remove_link_mode during probe (networking-stable-20_07_29). - net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999). - net: enetc: fix an issue about leak system resources (bsc#1176000). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix MTU warnings (networking-stable-20_08_08). - netfilter: ipset: Fix forceadd evaluation path (bsc#1176587). - net: Fix potential memory leak in proto_register() (networking-stable-20_08_15). - net: gre: recompute gre csum for sctp over gre tunnels (networking-stable-20_08_08). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge (bsc#1176001). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net: sched: initialize with 0 before setting erspan md->u (bsc#1154353). - net: Set fput_needed iff FDPUT_FPUT is set (networking-stable-20_08_15). - net/smc: put slot when connection is killed (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (networking-stable-20_08_08). - net/tls: Fix kmap usage (networking-stable-20_08_15). - net: udp: Fix wrong clean up for IS_UDPLITE macro (networking-stable-20_07_29). - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (networking-stable-20_08_08). - PCI: Add device even if driver attach failed (git-fixes). - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes). - platform/x86: dcdbas: Check SMBIOS for protected buffer address (jsc#SLE-14407). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64: mark emergency stacks valid to unwind (bsc#1156395). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: machine check interrupt update NMI accounting (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Do not flush caches when adding memory (bsc#1176980 ltc#187962). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm/radix: Create separate mappings for hot-plugged memory (bsc#1055186 ltc#153436). - powerpc/mm/radix: Fix PTE/PMD fragment count for early page table mappings (bsc#1055186 ltc#153436). - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1055186 ltc#153436). - powerpc/mm/radix: Remove split_kernel_mapping() (bsc#1055186 ltc#153436). - powerpc/numa: Early request for home node associativity (bsc#1171068 ltc#183935). - powerpc/numa: Offline memoryless cpuless node 0 (bsc#1171068 ltc#183935). - powerpc/numa: Prefer node id queried from vphn (bsc#1171068 ltc#183935). - powerpc/numa: Set numa_node for all possible cpus (bsc#1171068 ltc#183935). - powerpc/numa: Use cpu node map of first sibling thread (bsc#1171068 ltc#183935). - powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute (bsc#1176486 ltc#188130). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - qrtr: orphan socket in qrtr_release() (networking-stable-20_07_29). - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1173017). - RDMA/bnxt_re: Fix the qp table indexing (bsc#1173017). - RDMA/bnxt_re: Remove set but not used variable 'qplib_ctx' (bsc#1170774). - RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds (bsc#1170774). - RDMA/bnxt_re: Restrict the max_gids to 256 (bsc#1173017). - RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774). - RDMA/mlx4: Read pkey table length instead of hardcoded value (git-fixes). - RDMA/siw: Suppress uninitialized var warning (jsc#SLE-8381). - regulator: core: Fix slab-out-of-bounds in regulator_unlock_recursive() (git-fixes). - regulator: fix memory leak on error path of regulator_register() (git-fixes). - regulator: plug of_node leak in regulator_register()'s error path (git-fixes). - regulator: push allocation in regulator_ena_gpio_request() out of lock (git-fixes). - regulator: push allocation in regulator_init_coupling() outside of lock (git-fixes). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - regulator: push allocations in create_regulator() outside of lock (git-fixes). - regulator: pwm: Fix machine constraints application (git-fixes). - regulator: remove superfluous lock in regulator_resolve_coupling() (git-fixes). - Remove patch causing regression (bsc#1094244 ltc#168122). - Revert 'ALSA: hda: Add support for Loongson 7A1000 controller' (git-fixes). - Revert 'ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO' (git-fixes). - Revert 'ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control' (git-fixes). - Revert 'crypto: chelsio - Inline single pdu only' (git-fixes). - Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390: Change s390_kernel_write() return type to match memcpy() (bsc#1176449). Prerequisite for bsc#1176449. - s390/dasd: fix inability to use DASD with DIAG driver (git-fixes). - s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig (git-fixes). - s390/maccess: add no DAT mode to kernel_write (bsc#1176449). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - s390/setup: init jump labels before command line parsing (git-fixes). - sbitmap: Consider cleared bits in sbitmap_bitmap_show() (git fixes (block drivers)). - sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: nohz: stop passing around unused 'ticks' parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). Replace patches.suse/lpfc-synchronize-nvme-transport-and-lpfc-driver-devloss_tmo.patch with upstream version of the fix. - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - scsi: zfcp: Fix use-after-free in request timeout handlers (git-fixes). - sctp: shrink stream outq only when new outcnt &lt; old outcnt (networking-stable-20_07_29). - sctp: shrink stream outq when fails to do addstream reconf (networking-stable-20_07_29). - sdhci: tegra: Add missing TMCLK for data timeout (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - selftests/net: relax cpu affinity requirement in msg_zerocopy test (networking-stable-20_08_08). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - soundwire: fix double free of dangling pointer (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: stm32: always perform registers configuration prior to transfer (git-fixes). - spi: stm32: clear only asserted irq flags on interrupt (git-fixes). - spi: stm32: fix fifo threshold level in case of short transfer (git-fixes). - spi: stm32: fix pm_runtime_get_sync() error checking (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate (git-fixes). - spi: stm32h7: fix race condition at end of transfer (git-fixes). - taprio: Fix using wrong queues in gate mask (bsc#1154353). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - tcp: correct read of TFO keys on big endian systems (networking-stable-20_08_15). - test_kmod: avoid potential double free in trigger_config_run_type() (git-fixes). - tg3: Fix soft lockup when tg3_reset_task() fails (git-fixes). - thermal: qcom-spmi-temp-alarm: Do not suppress negative temp (git-fixes). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tracing: fix double free (git-fixes). - Update patches.suse/btrfs-add-dedicated-members-for-start-and-length-of-.patch (bsc#1176019). - Update patches.suse/btrfs-Move-free_pages_out-label-in-inline-extent-han.patch (bsc#1174484). - update to September 2020 maintenance update submission (commit 8bb516dc7a0a) - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - usb: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - usb: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - usb: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - usb: host: xhci: fix ep context print mismatch in debugfs (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - usb: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - usb: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - usb: typec: ucsi: Prevent mode overrun (git-fixes). - usb: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vfio-pci: Avoid recursive read-lock usage (bsc#1176366). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes). - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer (networking-stable-20_07_29). - vt: defer kfree() of vc_screenbuf in vc_do_resize() (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (networking-stable-20_08_08). - wireguard: noise: take lock when removing handshake entry from table (git-fixes). - wireguard: peerlookup: take lock before checking hash in replace operation (git-fixes). - workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs (bsc#1176763). - x86/hotplug: Silence APIC only after all interrupts are migrated (git-fixes). - x86/ima: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1152489). - x86, sched: Bail out of frequency invariance if turbo_freq/base_freq gives 0 (bsc#1176925). - x86, sched: Bail out of frequency invariance if turbo frequency is unknown (bsc#1176925). - x86, sched: check for counters overflow in frequency invariant accounting (bsc#1176925). - x86/stacktrace: Fix reliable check for empty user task stacks (bsc#1058115). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed (git-fixes). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). Important SUSE bug 1055186 SUSE bug 1058115 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1094244 SUSE bug 1136666 SUSE bug 1152148 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1155798 SUSE bug 1156395 SUSE bug 1167527 SUSE bug 1170232 SUSE bug 1170774 SUSE bug 1171000 SUSE bug 1171068 SUSE bug 1171073 SUSE bug 1171558 SUSE bug 1171688 SUSE bug 1171742 SUSE bug 1172419 SUSE bug 1172757 SUSE bug 1172873 SUSE bug 1173017 SUSE bug 1173060 SUSE bug 1173115 SUSE bug 1173267 SUSE bug 1173746 SUSE bug 1174029 SUSE bug 1174110 SUSE bug 1174111 SUSE bug 1174358 SUSE bug 1174484 SUSE bug 1174486 SUSE bug 1174899 SUSE bug 1175263 SUSE bug 1175667 SUSE bug 1175749 SUSE bug 1175787 SUSE bug 1175882 SUSE bug 1175952 SUSE bug 1175996 SUSE bug 1175997 SUSE bug 1175998 SUSE bug 1175999 SUSE bug 1176000 SUSE bug 1176001 SUSE bug 1176019 SUSE bug 1176022 SUSE bug 1176038 SUSE bug 1176063 SUSE bug 1176137 SUSE bug 1176235 SUSE bug 1176236 SUSE bug 1176237 SUSE bug 1176242 SUSE bug 1176278 SUSE bug 1176357 SUSE bug 1176358 SUSE bug 1176359 SUSE bug 1176360 SUSE bug 1176361 SUSE bug 1176362 SUSE bug 1176363 SUSE bug 1176364 SUSE bug 1176365 SUSE bug 1176366 SUSE bug 1176367 SUSE bug 1176381 SUSE bug 1176423 SUSE bug 1176449 SUSE bug 1176486 SUSE bug 1176507 SUSE bug 1176536 SUSE bug 1176537 SUSE bug 1176538 SUSE bug 1176539 SUSE bug 1176540 SUSE bug 1176541 SUSE bug 1176542 SUSE bug 1176543 SUSE bug 1176544 SUSE bug 1176545 SUSE bug 1176546 SUSE bug 1176548 SUSE bug 1176558 SUSE bug 1176559 SUSE bug 1176587 SUSE bug 1176659 SUSE bug 1176698 SUSE bug 1176699 SUSE bug 1176700 SUSE bug 1176721 SUSE bug 1176722 SUSE bug 1176725 SUSE bug 1176732 SUSE bug 1176763 SUSE bug 1176775 SUSE bug 1176788 SUSE bug 1176789 SUSE bug 1176833 SUSE bug 1176869 SUSE bug 1176877 SUSE bug 1176925 SUSE bug 1176962 SUSE bug 1176980 SUSE bug 1176990 SUSE bug 1177021 SUSE bug 1177030 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14385 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-26088 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.14 fixes the following issues: - go1.14.9 (released 2020-09-09) includes fixes to the compiler, linker, runtime, documentation, and the net/http and testing packages. Refs bsc#1164903 go1.14 release tracking * go#41192 net/http/fcgi: race detected during execution of TestResponseWriterSniffsContentType test * go#41016 net/http: Transport.CancelRequest no longer cancels in-flight request * go#40973 net/http: RoundTrip unexpectedly changes Request * go#40968 runtime: checkptr incorrectly -race flagging when using &^ arithmetic * go#40938 cmd/compile: R12 can be clobbered for write barrier call on PPC64 * go#40848 testing: '=== PAUSE' lines do not change the test name for the next log line * go#40797 cmd/compile: inline marker targets not reachable after assembly on arm * go#40766 cmd/compile: inline marker targets not reachable after assembly on ppc64x * go#40501 cmd/compile: for range loop reading past slice end * go#40411 runtime: Windows service lifecycle events behave incorrectly when called within a golang environment * go#40398 runtime: fatal error: checkdead: runnable g * go#40192 runtime: pageAlloc.searchAddr may point to unmapped memory in discontiguous heaps, violating its invariant * go#39955 cmd/link: incorrect GC bitmap when global's type is in another shared object * go#39690 cmd/compile: s390x floating point <-> integer conversions clobbering the condition code * go#39279 net/http: Re-connect with upgraded HTTP2 connection fails to send Request.body * go#38904 doc: include fix for #34437 in Go 1.14 release notes - go1.14.8 (released 2020-09-01) includes security fixes to the net/http/cgi and net/http/fcgi packages. CVE-2020-24553 Refs bsc#1164903 go1.14 release tracking * bsc#1176031 CVE-2020-24553 * go#41164 net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1164903 SUSE bug 1176031 CVE-2020-24553 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url (bsc#1176262) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1176262 CVE-2019-20916 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for dpdk fixes the following issues: - dpdk was updated to 19.11.4 - CVE-2020-14374,CVE-2020-14375,CVE-2020-14376,CVE-2020-14377,CVE-2020-14378: Fixed multiple issues where a malicious guest could harm the host using vhost crypto, including executing code in host (VM Escape), reading host application memory space to guest and causing partially denial of service in the host(bsc#1176590). - For a list of fixes check: https://doc.dpdk.org/guides-19.11/rel_notes/release_19_11.html#id8 denial of service in the host (bsc#1176590). This update was imported from the SUSE:SLE-15-SP2:Update update project. Critical SUSE bug 1176590 CVE-2020-14374 CVE-2020-14375 CVE-2020-14376 CVE-2020-14377 CVE-2020-14378 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for zabbix fixes the following issues: Updated to version 3.0.31. + CVE-2020-15803: Fixed an XSS in the URL Widget (boo#1174253). Moderate SUSE bug 1174253 CVE-2020-11800 CVE-2020-15803 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333) - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - Various other fixes (bsc#1027519) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1027519 SUSE bug 1176339 SUSE bug 1176341 SUSE bug 1176343 SUSE bug 1176344 SUSE bug 1176345 SUSE bug 1176346 SUSE bug 1176347 SUSE bug 1176348 SUSE bug 1176349 SUSE bug 1176350 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25598 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs12 fixes the following issues: - nodejs12 was updated to 12.18.4 LTS: - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion (bsc#1176605). - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589). - CVE-2020-15095: Fixed an information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1172686 SUSE bug 1173937 SUSE bug 1176589 SUSE bug 1176605 CVE-2020-15095 CVE-2020-8201 CVE-2020-8252 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1176764 CVE-2019-20919 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for kdeconnect-kde fixes the following issues: kdeconnect-kde was updated to fix various security issues in its default enabled network service (CVE-2020-26164, boo#1176268): Important SUSE bug 1176268 CVE-2020-26164 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nextcloud fixes the following issues: nextcloud version 20.0.0 fix some security issues: - NC-SA-2020-037 PIN for passwordless WebAuthm is asked for but not verified - NC-SA-2020-033 (CVE-2020-8228) Missing rate limit on signup page - NC-SA-2020-029 (CVE-2020-8233, boo#1177346) Re-Sharing allows increase of privileges - NC-SA-2020-026 Passowrd of share by mail is not hashed when given on the create share call - NC-SA-2020-023 Increase random used for encryption - Update to 19.0.3 - Fix possible leaking scope in Flow (server#22410) - Combine body-login rules in theming and fix twofactor and guest styling on bright colors (server#22427) - Show better quota warning for group folders and external storage (server#22442) - Add php docs build script (server#22448) - Fix clicks on actions menu of non opaque file rows in acceptance tests (server#22503) - Fix writing BLOBs to postgres with recent contacts interaction (server#22515) - Set the mount id before calling storage wrapper (server#22519) - Fix S3 error handling (server#22521) - Only disable zip64 if the size is known (server#22537) - Change free space calculation (server#22553) - Do not keep the part file if the forbidden exception has no retry set (server#22560) - Fix app password updating out of bounds (server#22569) - Use the correct root to determinate the webroot for the resource (server#22579) - Upgrade icewind/smb to 3.2.7 (server#22581) - Bump elliptic from 6.4.1 to 6.5.3 (notifications#732) - Fixes regression that prevented you from toggling the encryption flag (privacy#489) - Match any non-whitespace character in filesystem pattern (serverinfo#229) - Catch StorageNotAvailable exceptions (text#1001) - Harden read only check on public endpoints (text#1017) - Harden check when using token from memcache (text#1020) - Sessionid is an int (text#1029) - Only overwrite Ctrl-f when text is focussed (text#990) - Set the X-Requested-With header on dav requests (viewer#582) - Update to 19.0.2 - [stable19] lower minimum search length to 2 characters (server#21782) - [stable19] Call openssl_pkey_export with $config and log errors. (server#21804) - [stable19] Improve error reporting on sharing errors (server#21806) - [stable19] Do not log RequestedRangeNotSatisfiable exceptions in DAV (server#21840) - [stable19] Fix parsing of language code (server#21857) - [stable19] fix typo in revokeShare() (server#21876) - [stable19] Discourage webauthn user interaction (server#21917) - [stable19] Encryption is ready if master key is enabled (server#21935) - [stable19] Disable fragile comments tests (server#21939) - [stable19] Do not double encode the userid in webauthn login (server#21953) - [stable19] update icewind/smb to 3.2.6 (server#21955) - [stable19] Respect default share permissions (server#21967) - [stable19] allow admin to configure the max trashbin size (server#21975) - [stable19] Fix risky test in twofactor_backupcodes (server#21978) - [stable19] Fix PHPUnit deprecation warnings (server#21981) - [stable19] fix moving files from external storage to object store trashbin (server#21983) - [stable19] Ignore whitespace in sharing by mail (server#21991) - [stable19] Properly fetch translation for remote wipe confirmation dialog (server#22036) - [stable19] parse_url returns null in case a parameter is not found (server#22044) - Bump elliptic from 6.5.2 to 6.5.3 (server#22050) - [stable19] Correctly remove usergroup shares on removing group members (server#22053) - [stable19] Fix height to big for iPhone when using many apps (server#22064) - [stable19] reset the cookie internally in new API when abandoning paged results op (server#22069) - [stable19] Add Guzzle's InvalidArgumentException (server#22070) - [stable19] contactsmanager shall limit number of results early (server#22091) - [stable19] Fix browser freeze on long password input (server#22094) - [stable19] Search also the email and displayname in user mangement for groups (server#22118) - [stable19] Ensured large image is unloaded from memory when generating previews (server#22121) - [stable19] fix display of remote users in incoming share notifications (server#22131) - [stable19] Reuse cache for directory mtime/size if filesystem changes can be ignored (server#22171) - [stable19] Remove unexpected argument (server#22178) - [stable19] Do not exit if available space cannot be determined on file transfer (server#22181) - [stable19] Fix empty 'more' apps navigation after installing an app (server#22183) - [stable19] Fix default log_rotate_size in config.sample.php (server#22192) - [stable19] shortcut in reading nested group members when IN_CHAIN is available (server#22203) - [stable19] Fix chmod on file descriptor (server#22208) - [stable19] Do clearstatcache() on rmdir (server#22209) - [stable19] SSE enhancement of file signature (server#22210) - [stable19] remove logging message carrying no valuable information (server#22215) - [stable19] Add app config option to disable 'Email was changed by admin' activity (server#22232) - [stable19] Delete chunks if the move on an upload failed (server#22239) - [stable19] Silence duplicate session warnings (server#22247) - [3rdparty] Doctrine: Fix unquoted stmt fragments backslash escaping (server#22252) - [stable19] Allow to disable share emails (server#22300) - [stable19] Show disabled user count in occ user:report (server#22302) - Bump 3rdparty to last stable19 commit (server#22303) - [stable19] fixing a logged deprecation message (server#22309) - [stable19] CalDAV: Add ability to limit sharing to owner (server#22333) - [stable19] Only copy the link when updating a share or no password was forced (server#22337) - [stable19] Remove encryption option for nextcloud external storage (server#22341) - [stable19] l10n:Correct appid for WebAuthn (server#22348) - [stable19] Properly search for users when limittogroups is enabled (server#22355) - [stable19] SSE: make legacy format opt in (server#22381) - [stable19] Update the CRL (server#22387) - [stable19] Fix missing FN from federated contact (server#22400) - [stable19] fix event icon sizes and text alignment (server#22414) - [stable19] Bump stecman/symfony-console-completion from 0.8.0 to 0.11.0 (3rdparty#457) - [stable19] Add Guzzle's InvalidArgumentException (3rdparty#474) - [stable19] Doctrine: Fix unquoted stmt fragments backslash escaping (3rdparty#486) - [stable19] Fix cypress (viewer#545) - Move to webpack vue global config & bump deps (viewer#558) - Update to 19.0.1 - Security update Fix (CVE-2020-8183, NC-SA-2020-026, CWE-256) A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. - Update to 19.0.0 * Changes Nextcloud Hub v19, code name “home office”, represents a big step forward for remote collaboration in teams. This release brings document collaboration to video chats, introduces password-less login and improves performance. As this is a major release, the changelog is too long to put here. Users can look at github milestones to find what has been merged. A quick overview of what is new: - password-less authentication and many other security measures - Talk 9 with built-in office document editing courtesy of Collabora, a grid view & more - MUCH improved performance, Deck integration in Calendar, guest account groups and more! Moderate SUSE bug 1171572 SUSE bug 1171579 SUSE bug 1177346 CVE-2020-8154 CVE-2020-8155 CVE-2020-8183 CVE-2020-8228 CVE-2020-8233 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs10 fixes the following issues: - nodejs10 was updated to 10.22.1 LTS: - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589). - CVE-2020-15095: Fixed an information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172686 SUSE bug 1173937 SUSE bug 1176589 CVE-2020-15095 CVE-2020-8252 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for qemu fixes the following issues: - CVE-2020-14364: Fixed an OOB access while processing USB packets (bsc#1175441,bsc#1176494). - CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs (bsc#1174641). - CVE-2020-15863: Fixed a buffer overflow in the XGMAC device (bsc#1174386). - CVE-2020-24352: Fixed an out-of-bounds read/write in ati-vga device emulation in ati_2d_blt (bsc#1175370). - Allow to IPL secure guests with -no-reboot (bsc#1174863) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1174386 SUSE bug 1174641 SUSE bug 1174863 SUSE bug 1175370 SUSE bug 1175441 SUSE bug 1176494 CVE-2020-14364 CVE-2020-15863 CVE-2020-16092 CVE-2020-24352 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733) This update was imported from the SUSE:SLE-15-SP1:Update update project. Critical SUSE bug 1176733 CVE-2020-26117 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for icingaweb2 fixes the following issues: - icingaweb2 was updated to 2.7.4 * CVE-2020-24368: Fixed a path Traversal which could have allowed an attacker to access arbitrary files which are readable by the process running (boo#1175530). Important SUSE bug 1175530 CVE-2020-24368 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for phpMyAdmin fixes the following issues: - phpMyAdmin was updated to 4.9.6 * CVE-2020-26934: Fixed an XSS relating to the transformation feature (boo#1177561). * CVE-2020-26935: Fixed an SQL injection in SearchController (boo#1177562). Important SUSE bug 1177561 SUSE bug 1177562 CVE-2020-26934 CVE-2020-26935 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for crmsh fixes the following issues: - Fixed start_delay with start-delay(bsc#1176569) - fix on_fail should be on-fail(bsc#1176569) - config: Try to handle configparser.MissingSectionHeaderError while reading config file - ui_configure: Obscure sensitive data by default(bsc#1163581) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1163581 SUSE bug 1176569 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186) This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1172186 CVE-2020-8165 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1176410 SUSE bug 1177143 CVE-2020-25219 CVE-2020-26154 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for pdns-recursor fixes the following issues: -pdns-recursorwas updated to 4.1.1 and 4.3.5: - CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation (boo#1177383) - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication (boo#1173302). Important SUSE bug 1173302 SUSE bug 1177383 CVE-2020-14196 CVE-2020-25829 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1172798 SUSE bug 1172846 SUSE bug 1173972 SUSE bug 1174753 SUSE bug 1174817 SUSE bug 1175168 CVE-2020-13844 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). - CVE-2020-24490: Fixed a heap buffer overflow when processing extended advertising report events aka 'BleedingTooth' aka 'BadVibes' (bsc#1177726). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725). - CVE-2020-25212: A TOCTOU mismatch in the NFS client code in the Linux kernel could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452 (bnc#1176381). - CVE-2020-25645: Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1177511). - CVE-2020-25643: Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (bnc#1177206). - CVE-2020-25641: A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allowed a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability (bnc#1177121). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 (git-fixes). - ASoC: img-i2s-out: Fix runtime PM imbalance on error (git-fixes). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions (git-fixes). - ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811 (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - Btrfs: fix crash during unmount due to race with delayed inode workers (bsc#1176019). - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (bsc#954532). - Input: trackpoint - enable Synaptics trackpoints (git-fixes). - Move upstreamed intel-vbtn patch into sorted section - NFS: Do not move layouts to plh_return_segs list while in use (git-fixes). - NFS: Do not return layout segments that are in use (git-fixes). - NFS: Fix flexfiles read failover (git-fixes). - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes). - PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - PCI: Avoid double hpmemsize MMIO window assignment (git-fixes). - PCI: tegra194: Fix runtime PM imbalance on error (git-fixes). - PCI: tegra: Fix runtime PM imbalance on error (git-fixes). - Platform: OLPC: Fix memleak in olpc_ec_probe (git-fixes). - RDMA/hfi1: Correct an interlock issue for TID RDMA WRITE request (bsc#1175621). - Refresh patches.suse/fnic-to-not-call-scsi_done-for-unhandled-commands.patch (bsc#1168468, bsc#1171675). - SUNRPC: Revert 241b1f419f0e ('SUNRPC: Remove xdr_buf_trim()') (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - Update patches.suse/target-add-rbd-backend.patch: (). (simplify block to byte calculations and use consistent error paths) - Update config files. Enable ACPI_PCI_SLOT and HOTPLUG_PCI_ACPI (bsc#1177194). - airo: Fix read overflows sending packets (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: Enable PCI write-combine resources under sysfs (bsc#1175807). - ata: ahci: mvebu: Make SATA PHY optional for Armada 3720 (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - brcmfmac: Fix double freeing in the fmac usb data path (git-fixes). - btrfs: block-group: do not set the wrong READA flag for btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: fix free-space bitmap threshold (bsc#1176019). - btrfs: block-group: refactor how we delete one block group item (bsc#1176019). - btrfs: block-group: refactor how we insert a block group item (bsc#1176019). - btrfs: block-group: refactor how we read one block group item (bsc#1176019). - btrfs: block-group: rename write_one_cache_group() (bsc#1176019). - btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687). - btrfs: do not set the full sync flag on the inode during page release (bsc#1177687). - btrfs: do not take an extra root ref at allocation time (bsc#1176019). - btrfs: drop logs when we've aborted a transaction (bsc#1176019). - btrfs: fix a race between scrub and block group removal/allocation (bsc#1176019). - btrfs: fix race between page release and a fast fsync (bsc#1177687). - btrfs: free block groups after free'ing fs trees (bsc#1176019). - btrfs: hold a ref on the root on the dead roots list (bsc#1176019). - btrfs: kill the subvol_srcu (bsc#1176019). - btrfs: make btrfs_cleanup_fs_roots use the radix tree lock (bsc#1176019). - btrfs: make inodes hold a ref on their roots (bsc#1176019). - btrfs: make the extent buffer leak check per fs info (bsc#1176019). - btrfs: move ino_cache_inode dropping out of btrfs_free_fs_root (bsc#1176019). - btrfs: move the block group freeze/unfreeze helpers into block-group.c (bsc#1176019). - btrfs: move the root freeing stuff into btrfs_put_root (bsc#1176019). - btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687). - btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687). - btrfs: reduce contention on log trees when logging checksums (bsc#1177687). - btrfs: release old extent maps during page release (bsc#1177687). - btrfs: remove no longer necessary chunk mutex locking cases (bsc#1176019). - btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687). - btrfs: rename member 'trimming' of block group to a more generic name (bsc#1176019). - btrfs: scrub, only lookup for csums if we are dealing with a data extent (bsc#1176019). - btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687). - bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk (git-fixes). - clk: tegra: Always program PLL_E when enabled (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - clocksource/drivers/timer-gx6605s: Fixup counter reload (git-fixes). - cpuidle: Poll for a minimum of 30ns and poll for a tick if lower c-states are disabled (bnc#1176588). - create Storage / NVMe subsection - crypto: algif_aead - Do not set MAY_BACKLOG on the async path (git-fixes). - crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes). - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes). - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718). - crypto: dh - check validity of Z before export (bsc#1175718). - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718). - crypto: ecdh - check validity of Z before export (bsc#1175718). - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes). - crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes). - crypto: omap-sham - fix digcnt register handling with export/import (git-fixes). - crypto: picoxcell - Fix potential race condition bug (git-fixes). - crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA (git-fixes). - cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes). - dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) (git-fixes). - dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails (git-fixes). - dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all (git-fixes). - dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config (git-fixes). - drm/radeon: revert 'Prefer lower feedback dividers' (bsc#1177384). - drop Storage / bsc#1171688 subsection No effect on expanded tree. - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - ftrace: Move RCU is watching check after recursion check (git-fixes). - fuse: do not ignore errors from fuse_writepages_fill() (bsc#1177193). - gpio: mockup: fix resource leak in error path (git-fixes). - gpio: rcar: Fix runtime PM imbalance on error (git-fixes). - gpio: siox: explicitly support only threaded irqs (git-fixes). - gpio: sprd: Clear interrupt when setting the type as edge (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - hwmon: (applesmc) check status earlier (git-fixes). - hwmon: (mlxreg-fan) Fix double 'Mellanox' (git-fixes). - hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61} (git-fixes). - i2c: aspeed: Mask IRQ status to relevant bits (git-fixes). - i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - i2c: i801: Exclude device from suspend direct complete optimization (git-fixes). - i2c: meson: fix clock setting overwrite (git-fixes). - i2c: meson: fixup rate calculation with filter delay (git-fixes). - i2c: owl: Clear NACK and BUS error bits (git-fixes). - i2c: tegra: Prevent interrupt triggering after transfer timeout (git-fixes). - i2c: tegra: Restore pinmux on system resume (git-fixes). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio: adc: qcom-spmi-adc5: fix driver name (git-fixes). - ima: extend boot_aggregate with kernel measurements (bsc#1177617). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177297). - iommu/amd: Fix potential @entry null deref (bsc#1177283). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177284). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177285). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177286). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - kABI: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - kabi fix for NFS: Fix flexfiles read failover (git-fixes). - kabi/severities: ignore kABI for target_core_rbd Match behaviour for all other Ceph specific modules. - kernel-binary.spec.in: Exclude .config.old from kernel-devel - use tar excludes for .kernel-binary.spec.buildenv - kernel-binary.spec.in: Package the obj_install_dir as explicit filelist. - leds: mlxreg: Fix possible buffer overflow (git-fixes). - lib/mpi: Add mpi_sub_ui() (bsc#1175718). - libceph-add-support-for-CMPEXT-compare-extent-reques.patch: (bsc#1177090). - locking/rwsem: Disable reader optimistic spinning (bnc#1176588). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - mac80211: skip mpath lookup also for control port tx (git-fixes). - mac802154: tx: fix use-after-free (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - media: Revert 'media: exynos4-is: Add missed check for pinctrl_lookup_state()' (git-fixes). - media: camss: Fix a reference count leak (git-fixes). - media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes). - media: mc-device.c: fix memleak in media_device_register_entity (git-fixes). - media: mx2_emmaprp: Fix memleak in emmaprp_probe (git-fixes). - media: omap3isp: Fix memleak in isp_probe (git-fixes). - media: ov5640: Correct Bit Div register in clock tree diagram (git-fixes). - media: platform: fcp: Fix a reference count leak (git-fixes). - media: rc: do not access device via sysfs after rc_unregister_device() (git-fixes). - media: rc: uevent sysfs file races with rc_unregister_device() (git-fixes). - media: rcar-csi2: Allocate v4l2_async_subdev dynamically (git-fixes). - media: rcar-vin: Fix a reference count leak (git-fixes). - media: rockchip/rga: Fix a reference count leak (git-fixes). - media: s5p-mfc: Fix a reference count leak (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: staging/intel-ipu3: css: Correctly reset some memory (git-fixes). - media: stm32-dcmi: Fix a reference count leak (git-fixes). - media: tc358743: cleanup tc358743_cec_isr (git-fixes). - media: tc358743: initialize variable (git-fixes). - media: ti-vpe: Fix a missing check and reference count leak (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes). - media: usbtv: Fix refcounting mixup (git-fixes). - media: uvcvideo: Set media controller entity functions (git-fixes). - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes). - media: v4l2-async: Document asd allocation requirements (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm, compaction: fully assume capture is not NULL in compact_zone_order() (git fixes (mm/compaction), bsc#1177681). - mm, compaction: make capture control handling safe wrt interrupts (git fixes (mm/compaction), bsc#1177681). - mm, slab/slub: move and improve cache_from_obj() (mm/slub bsc#1165692). - mm, slab/slub: improve error reporting and overhead of cache_from_obj() (mm/slub bsc#1165692). - mm, slub: extend checks guarded by slub_debug static key (mm/slub bsc#1165692). - mm, slub: extend slub_debug syntax for multiple blocks (mm/slub bsc#1165692). - mm, slub: introduce kmem_cache_debug_flags() (mm/slub bsc#1165692). - mm, slub: introduce static key for slub_debug() (mm/slub bsc#1165692). - mm, slub: make reclaim_account attribute read-only (mm/slub bsc#1165692). - mm, slub: make remaining slub_debug related attributes read-only (mm/slub bsc#1165692). - mm, slub: make some slub_debug related attributes read-only (mm/slub bsc#1165692). - mm, slub: remove runtime allocation order changes (mm/slub bsc#1165692). - mm, slub: restore initial kmem_cache flags (mm/slub bsc#1165692). - mm/debug.c: always print flags in dump_page() (git fixes (mm/debug)). - mm/memcontrol.c: lost css_put in memcg_expand_shrinker_maps() (bsc#1177694). - mm/migrate.c: also overwrite error when it is bigger than zero (git fixes (mm/move_pages), bsc#1177683). - mm/pagealloc.c: call touch_nmi_watchdog() on max order boundaries in deferred init (git fixes (mm/init), bsc#1177697). - mm: call cond_resched() from deferred_init_memmap() (git fixes (mm/init), bsc#1177697). - mm: initialize deferred pages with interrupts enabled (git fixes (mm/init), bsc#1177697). - mm: move_pages: report the number of non-attempted pages (git fixes (mm/move_pages), bsc#1177683). - mm: move_pages: return valid node id in status if the page is already on the target node (git fixes (mm/move_pages), bsc#1177683). - mmc: core: Rework wp-gpio handling (git-fixes). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mmc: sdhci: Add LTR support for some Intel BYT based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mt76: add missing locking around ampdu action (git-fixes). - mt76: clear skb pointers from rx aggregation reorder buffer during cleanup (git-fixes). - mt76: do not use devm API for led classdev (git-fixes). - mt76: fix LED link time failure (git-fixes). - mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw (git-fixes). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: rawnand: gpmi: Fix runtime PM imbalance on error (git-fixes). - mtd: rawnand: omap_elm: Fix runtime PM imbalance on error (git-fixes). - net: phy: realtek: fix rtl8211e rx/tx delay config (git-fixes). - nfs: Fix security label length not being reset (bsc#1176381). - nfs: ensure correct writeback errors are returned on close() (git-fixes). - nfs: nfs_file_write() should check for writeback errors (git-fixes). - nfsd4: fix NULL dereference in nfsd/clients display code (git-fixes). - nvme-multipath: retry commands for dying queues (bsc#1171688). - pNFS/flexfiles: Ensure we initialise the mirror bsizes correctly on read (git-fixes). - phy: ti: am654: Fix a leak in serdes_am654_probe() (git-fixes). - pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes). - platform/x86: fix kconfig dependency warning for LG_LAPTOP (git-fixes). - platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting (bsc#1175599). - platform/x86: intel_pmc_core: do not create a static struct device (git-fixes). - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes). - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes). - power: supply: max17040: Correct voltage reading (git-fixes). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - qla2xxx: Return EBUSY on fcport deletion (bsc#1171688). - r8169: fix data corruption issue on RTL8402 (bsc#1174098). - rbd-add-rbd_img_fill_cmp_and_write_from_bvecs.patch: (bsc#1177090). - rbd-add-support-for-COMPARE_AND_WRITE-CMPEXT.patch: (bsc#1177090). - regulator: axp20x: fix LDO2/4 description (git-fixes). - regulator: resolve supply after creating regulator (git-fixes). - rename Other drivers / Intel IOMMU subsection to IOMMU - rtc: ds1374: fix possible race condition (git-fixes). - rtc: sa1100: fix possible race condition (git-fixes). - s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - sched/fair: Ignore cache hotness for SMT migration (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Use dst group while checking imbalance for NUMA balancer (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/numa: Avoid creating large imbalances at task creation time (bnc#1176588). - sched/numa: Check numa balancing information only when enabled (bnc#1176588). - sched/numa: Use runnable_avg to classify node (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add SLER and PI control support (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix memory size truncation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Performance tweak (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1171688 bsc#1174003). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - serial: uartps: Wait for tx_empty in console setup (git-fixes). - spi: dw-pci: free previously allocated IRQs if desc->setup() fails (git-fixes). - spi: fsl-espi: Only process interrupts for expected events (git-fixes). - spi: omap2-mcspi: Improve performance waiting for CHSTAT (git-fixes). - spi: sprd: Release DMA channel also on probe deferral (git-fixes). - spi: stm32: Rate-limit the 'Communication suspended' message (git-fixes). - staging:r8188eu: avoid skb_clone for amsdu to msdu conversion (git-fixes). - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (git-fixes). - target-compare-and-write-backend-driver-sense-handli.patch: (bsc#1177719). - target-rbd-add-WRITE-SAME-support.patch: (bsc#1177090). - target-rbd-add-emulate_legacy_capacity-dev-attribute.patch: (bsc#1177109). - target-rbd-conditionally-fix-off-by-one-bug-in-get_b.patch: (bsc#1177109). - target-rbd-detect-stripe_unit-SCSI-block-size-misali.patch: (bsc#1177090). - target-rbd-fix-unmap-discard-block-size-conversion.patch: (bsc#1177271). - target-rbd-fix-unmap-handling-with-unmap_zeroes_data.patch: (bsc#1177271). - target-rbd-support-COMPARE_AND_WRITE.patch: (bsc#1177090). - thermal: rcar_thermal: Handle probe error gracefully (git-fixes). - usb: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#1176979). - virtio-net: do not disable guest csum when disable LRO (git-fixes). - vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes). - wlcore: fix runtime pm imbalance in wl1271_tx_work (git-fixes). - wlcore: fix runtime pm imbalance in wlcore_regdomain_config (git-fixes). - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1176907). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xprtrdma: fix incorrect header size calculations (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). Important SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1155798 SUSE bug 1165692 SUSE bug 1168468 SUSE bug 1171675 SUSE bug 1171688 SUSE bug 1174003 SUSE bug 1174098 SUSE bug 1175599 SUSE bug 1175621 SUSE bug 1175718 SUSE bug 1175807 SUSE bug 1176019 SUSE bug 1176381 SUSE bug 1176400 SUSE bug 1176588 SUSE bug 1176907 SUSE bug 1176979 SUSE bug 1177090 SUSE bug 1177109 SUSE bug 1177121 SUSE bug 1177193 SUSE bug 1177194 SUSE bug 1177206 SUSE bug 1177258 SUSE bug 1177271 SUSE bug 1177283 SUSE bug 1177284 SUSE bug 1177285 SUSE bug 1177286 SUSE bug 1177297 SUSE bug 1177384 SUSE bug 1177511 SUSE bug 1177617 SUSE bug 1177681 SUSE bug 1177683 SUSE bug 1177687 SUSE bug 1177694 SUSE bug 1177697 SUSE bug 1177719 SUSE bug 1177724 SUSE bug 1177725 SUSE bug 1177726 SUSE bug 802154 SUSE bug 954532 CVE-2020-12351 CVE-2020-12352 CVE-2020-24490 CVE-2020-25212 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll <value>' did not limit the number of saved files to <value>. - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1100369 SUSE bug 1109160 SUSE bug 1118367 SUSE bug 1118368 SUSE bug 1128220 SUSE bug 1156205 SUSE bug 1157051 SUSE bug 1161168 SUSE bug 1170667 SUSE bug 1170713 SUSE bug 1171313 SUSE bug 1171740 SUSE bug 1172958 SUSE bug 1173307 SUSE bug 1173311 SUSE bug 1173983 SUSE bug 1175443 SUSE bug 1176092 SUSE bug 1176674 SUSE bug 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for transfig fixes the following issues: Security issue fixed: - CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function (bsc#1143650). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1143650 CVE-2019-14275 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for php7 fixes the following issues: - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351). - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1177351 SUSE bug 1177352 CVE-2020-7069 CVE-2020-7070 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: -chromium was updated to 86.0.4240.75 (boo#1177408): - CVE-2020-15967: Fixed Use after free in payments. - CVE-2020-15968: Fixed Use after free in Blink. - CVE-2020-15969: Fixed Use after free in WebRTC. - CVE-2020-15970: Fixed Use after free in NFC. - CVE-2020-15971: Fixed Use after free in printing. - CVE-2020-15972: Fixed Use after free in audio. - CVE-2020-15990: Fixed Use after free in autofill. - CVE-2020-15991: Fixed Use after free in password manager. - CVE-2020-15973: Fixed Insufficient policy enforcement in extensions. - CVE-2020-15974: Fixed Integer overflow in Blink. - CVE-2020-15975: Fixed Integer overflow in SwiftShader. - CVE-2020-15976: Fixed Use after free in WebXR. - CVE-2020-6557: Fixed Inappropriate implementation in networking. - CVE-2020-15977: Fixed Insufficient data validation in dialogs. - CVE-2020-15978: Fixed Insufficient data validation in navigation. - CVE-2020-15979: Fixed Inappropriate implementation in V8. - CVE-2020-15980: Fixed Insufficient policy enforcement in Intents. - CVE-2020-15981: Fixed Out of bounds read in audio. - CVE-2020-15982: Fixed Side-channel information leakage in cache. - CVE-2020-15983: Fixed Insufficient data validation in webUI. - CVE-2020-15984: Fixed Insufficient policy enforcement in Omnibox. - CVE-2020-15985: Fixed Inappropriate implementation in Blink. - CVE-2020-15986: Fixed Integer overflow in media. - CVE-2020-15987: Fixed Use after free in WebRTC. - CVE-2020-15992: Fixed Insufficient policy enforcement in networking. - CVE-2020-15988: Fixed Insufficient policy enforcement in downloads. - CVE-2020-15989: Fixed Uninitialized Use in PDFium. Critical SUSE bug 1177408 CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991 CVE-2020-15992 CVE-2020-6557 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mailman to version 2.1.34 fixes the following issues: - The fix for lp#1859104 can result in ValueError being thrown on attempts to subscribe to a list. This is fixed and extended to apply REFUSE_SECOND_PENDING to unsubscription as well. (lp#1878458) - DMARC mitigation no longer misses if the domain name returned by DNS contains upper case. (lp#1881035) - A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to prevent mailbombing of a member of a list with private rosters by repeated subscribe attempts. (lp#1883017) - Very long filenames for scrubbed attachments are now truncated. (lp#1884456) - A content injection vulnerability via the private login page has been fixed. CVE-2020-15011 (lp#1877379, bsc#1173369) - A content injection vulnerability via the options login page has been discovered and reported by Vishal Singh. CVE-2020-12108 (lp#1873722, bsc#1171363) - Bounce recognition for a non-compliant Yahoo format is added. - Archiving workaround for non-ascii in string.lowercase in some Python packages is added. - Thanks to Jim Popovitch, there is now a dmarc_moderation_addresses list setting that can be used to apply dmarc_moderation_action to mail From: addresses listed or matching listed regexps. This can be used to modify mail to addresses that don't accept external mail From: themselves. - There is a new MAX_LISTNAME_LENGTH setting. The fix for lp#1780874 obtains a list of the names of all the all the lists in the installation in order to determine the maximum length of a legitimate list name. It does this on every web access and on sites with a very large number of lists, this can have performance implications. See the description in Defaults.py for more information. - Thanks to Ralf Jung there is now the ability to add text based captchas (aka textchas) to the listinfo subscribe form. See the documentation for the new CAPTCHA setting in Defaults.py for how to enable this. Also note that if you have custom listinfo.html templates, you will have to add a <mm-captcha-ui> tag to those templates to make this work. This feature can be used in combination with or instead of the Google reCAPTCHA feature added in 2.1.26. - Thanks to Ralf Hildebrandt the web admin Membership Management section now has a feature to sync the list's membership with a list of email addresses as with the bin/sync_members command. - There is a new drop_cc list attribute set from DEFAULT_DROP_CC. This controls the dropping of addresses from the Cc: header in delivered messages by the duplicate avoidance process. (lp#1845751) - There is a new REFUSE_SECOND_PENDING mm_cfg.py setting that will cause a second request to subscribe to a list when there is already a pending confirmation for that user. This can be set to Yes to prevent mailbombing of a third party by repeatedly posting the subscribe form. (lp#1859104) - Fixed the confirm CGI to catch a rare TypeError on simultaneous confirmations of the same token. (lp#1785854) - Scrubbed application/octet-stream MIME parts will now be given a .bin extension instead of .obj. CVE-2020-12137 (lp#1886117) - Added bounce recognition for a non-compliant opensmtpd DSN with Action: error. (lp#1805137) - Corrected and augmented some security log messages. (lp#1810098) - Implemented use of QRUNNER_SLEEP_TIME for bin/qrunner --runner=All. (lp#1818205) - Leading/trailing spaces in provided email addresses for login to private archives and the user options page are now ignored. (lp#1818872) - Fixed the spelling of the --no-restart option for mailmanctl. - Fixed an issue where certain combinations of charset and invalid characters in a list's description could produce a List-ID header without angle brackets. (lp#1831321) - With the Postfix MTA and virtual domains, mappings for the site list -bounces and -request addresses in each virtual domain are now added to data/virtual-mailman (-owner was done in 2.1.24). (lp#1831777) - The paths.py module now extends sys.path with the result of site.getsitepackages() if available. (lp#1838866) - A bug causing a UnicodeDecodeError in preparing to send the confirmation request message to a new subscriber has been fixed. (lp#1851442) - The SimpleMatch heuristic bounce recognizer has been improved to not return most invalid email addresses. (lp#1859011) Moderate SUSE bug 1171363 SUSE bug 1173369 CVE-2020-12108 CVE-2020-12137 CVE-2020-15011 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: opera was updated to version 71.0.3770.228 - DNA-87466 Hide extensions icon is black in dark theme - DNA-88580 Implement search_in_tabs telemetry benchmark - DNA-88591 Allow to scroll down the Keyboards Shortcuts section with URL - DNA-88693 Random crash in SmartFilesBrowserTest - DNA-88793 change VPN disclaimer modal layout - DNA-88799 Only active workspaces and active messengers should be listed in keyboard shortcuts settings - DNA-88838 add automatic VPN connection preference setting - DNA-88870 Align VPN popup to new design - DNA-88900 Turn off Tutorials in Opera GX – implementation - DNA-88931 Add info about channel and product (OPR, OPRGX) to rollout requests - DNA-88940 Allow continue-shopping|booking-host-override switch to handle host and path - DNA-88946 Auto-connect VPN after browser startup only for existing VPN users - DNA-89009 Change URL for search-suggestions - DNA-89021 Make RH test driver pack to a separate archive - DNA-89150 Unhardcode ‘From’ and ‘To’ strings in Advanced History Search - DNA-89175 Desktop without a flow paring should not initialize in browser startup Opera was updated to version 71.0.3770.198 - CHR-8106 Update chromium on desktop-stable-85-3770 to 85.0.4183.121 - DNA-85648 Reconnecting Flow with iOS is unstable - DNA-87130 Spinner is stretched instead of clipped - DNA-87989 In Find in Page, “No matches” doesn’t go away after deleting all text - DNA-88098 Data URLs entries should not open new tab after click on new history page - DNA-88267 Extra semicolon in Russian BABE translation - DNA-88312 [Win] Downloads file drag and drop doesn’t work in Opera - DNA-88363 Add premium extension functionality - DNA-88580 Implement search_in_tabs telemetry benchmark - DNA-88611 Black font on a dark background in sync login dialog - DNA-88626 Disable #easy-files on desktop-stable-85-xxxx - DNA-88701 String “Type a shortcut” is hardcoded - DNA-88755 Crash at extensions::WebstoreOneClickInstallerUIImpl:: RemoveAllInfobarsExcept(opera::ExtensionInstallInfoBarDelegate*) - DNA-88797 Change ‘Register’ to ‘Tab’ in German - DNA-88851 [History][Resized window] Button and date input look bad - DNA-88958 Crash at net::`anonymous namespace”::Escape - The update to chromium 85.0.4183.121 fixes following issues: - CVE-2020-15960, CVE-2020-15961, CVE-2020-15962, CVE-2020-15963, CVE-2020-15965, CVE-2020-15966, CVE-2020-15964 - Update to version 71.0.3770.148 - CHR-8091 Update chromium on desktop-stable-85-3770 to 85.0.4183.102 - DNA-87785 [Mac] “Alitools” text in extension toolbar overlaps Install button - DNA-87935 Make SSD smaller by 25% - DNA-87963 Hidden Avira extension in avira_2 edition - DNA-88015 [MyFlow] Desktop doesn’t show itself in devices list - DNA-88469 Add context menu options to configure shortcuts - DNA-88496 Define a/b test in ab_tests.json - DNA-88537 Don’t filter out hashes from feature reference groups coming from rollout - DNA-88580 Implement search_in_tabs telemetry benchmark - DNA-88604 [History panel] Search bar covers the “Clear browsing data” button - DNA-88619 String ‘Download complete’ is cut on download popup - DNA-88645 Remove option should not be available for last workspace - DNA-88718 [History panel] fix delete button overflow issue - The update to chromium 85.0.4183.102 fixes following issues: - CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576, CVE-2020-15959 - Complete Opera 71.0 changelog at: https://blogs.opera.com/desktop/changelog-for-71/ - Update to version 70.0.3728.144 - CHR-8057 Update chromium on desktop-stable-84-3728 to 84.0.4147.135 - DNA-88027 [Mac] Downloads icon disappears when downloads popup is shown - DNA-88204 Crash at opera::DownloadItemView::OnMousePressed (ui::MouseEvent const&) - The update to chromium 84.0.4147.135 fixes following issues: - CVE-2020-6556 Important CVE-2020-15959 CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 CVE-2020-6556 CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for hunspell fixes the following issues: - CVE-2019-16707: Fixed an invalid read in SuggestMgr:leftcommonsubstring (bsc#1151867). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1151867 CVE-2019-16707 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for atftp fixes the following issues: - [boo#1176437, CVE-2020-6097] A specially crafted sequence of RRQ-Multicast requests can trigger an assert() call resulting denial-of-service. Important SUSE bug 1176437 CVE-2020-6097 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: - Update to 86.0.4240.111 boo#1177936 - CVE-2020-16000: Inappropriate implementation in Blink. - CVE-2020-16001: Use after free in media. - CVE-2020-16002: Use after free in PDFium. - CVE-2020-15999: Heap buffer overflow in Freetype. - CVE-2020-16003: Use after free in printing. Important SUSE bug 1177936 CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1176086 SUSE bug 1176181 SUSE bug 1176671 CVE-2020-24659 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1177914 CVE-2020-15999 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1176756 SUSE bug 1177872 CVE-2020-15683 CVE-2020-15969 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tensorflow2 fixes the following issues: - updated to 2.1.2 with following fixes (boo#1177022): * Fixes an undefined behavior causing a segfault in tf.raw_ops.Switch (CVE-2020-15190) * Fixes three vulnerabilities in conversion to DLPack format (CVE-2020-15191, CVE-2020-15192, CVE-2020-15193) * Fixes two vulnerabilities in SparseFillEmptyRowsGrad (CVE-2020-15194, CVE-2020-15195) * Fixes an integer truncation vulnerability in code using the work sharder API (CVE-2020-15202) * Fixes a format string vulnerability in tf.strings.as_string (CVE-2020-15203) * Fixes segfault raised by calling session-only ops in eager mode (CVE-2020-15204) * Fixes data leak and potential ASLR violation from tf.raw_ops.StringNGrams (CVE-2020-15205) * Fixes segfaults caused by incomplete SavedModel validation (CVE-2020-15206) * Fixes a data corruption due to a bug in negative indexing support in TFLite (CVE-2020-15207) * Fixes a data corruption due to dimension mismatch in TFLite (CVE-2020-15208) * Fixes several vulnerabilities in TFLite saved model format (CVE-2020-15209, CVE-2020-15210, CVE-2020-15211) Moderate SUSE bug 1173314 SUSE bug 1175099 SUSE bug 1175789 SUSE bug 1177022 CVE-2020-15190 CVE-2020-15191 CVE-2020-15192 CVE-2020-15193 CVE-2020-15194 CVE-2020-15195 CVE-2020-15202 CVE-2020-15203 CVE-2020-15204 CVE-2020-15205 CVE-2020-15206 CVE-2020-15207 CVE-2020-15208 CVE-2020-15209 CVE-2020-15210 CVE-2020-15211 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for singularity fixes the following issues: Update to new version 3.6.4: - CVE-2020-15229: Due to insecure handling of path traversal and the lack of path sanitization within unsquashfs, it is possible to overwrite/create files on the host filesystem during the extraction of a crafted squashfs filesystem (boo#1177901). Important SUSE bug 1177901 CVE-2020-15229 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for lout fixes the following issues: - CVE-2019-19918: Fixed buffer overflow in srcnext() (boo#1159713). - CVE-2019-19917: Fixed buffer overflow in StringQuotedWord() (boo#1159714). Important SUSE bug 1159713 SUSE bug 1159714 CVE-2019-19917 CVE-2019-19918 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). - qemu: Avoid stale capabilities cache host CPU or kernel command line changes (bsc#1173157). - virdevmapper: Handle kernel without device-mapper support (bsc#1175465). - Xen: Added support for passing arbitrary commands to the qemu device model, similar to the xl.cfg(5) device_model_args setting (bsc#1174139). - Xen: Don't add dom0 twice on driver reload (bsc#1176430). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1173157 SUSE bug 1174139 SUSE bug 1174955 SUSE bug 1175465 SUSE bug 1176430 SUSE bug 1177155 CVE-2020-15708 CVE-2020-25637 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird and mozilla-nspr fixes the following issues: - Mozilla Thunderbird 78.4 * new: MailExtensions: browser.tabs.sendMessage API added * new: MailExtensions: messageDisplayScripts API added * changed: Yahoo and AOL mail users using password authentication will be migrated to OAuth2 * changed: MailExtensions: messageDisplay APIs extended to support multiple selected messages * changed: MailExtensions: compose.begin functions now support creating a message with attachments * fixed: Thunderbird could freeze when updating global search index * fixed: Multiple issues with handling of self-signed SSL certificates addressed * fixed: Recipient address fields in compose window could expand to fill all available space * fixed: Inserting emoji characters in message compose window caused unexpected behavior * fixed: Button to restore default folder icon color was not keyboard accessible * fixed: Various keyboard navigation fixes * fixed: Various color-related theme fixes * fixed: MailExtensions: Updating attachments with onBeforeSend.addListener() did not work MFSA 2020-47 (bsc#1177977) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Thunderbird 78.4 - Mozilla Thunderbird 78.3.3 * OpenPGP: Improved support for encrypting with subkeys * OpenPGP message status icons were not visible in message header pane * Creating a new calendar event did not require an event title - Mozilla Thunderbird 78.3.2 (bsc#1176899) * OpenPGP: Improved support for encrypting with subkeys * OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly * Single-click deletion of recipient pills with middle mouse button restored * Searching an address book list did not display results * Dark mode, high contrast, and Windows theming fixes - Mozilla Thunderbird 78.3.1 * fix crash in nsImapProtocol::CreateNewLineFromSocket - Mozilla Thunderbird 78.3.0 MFSA 2020-44 (bsc#1176756) * CVE-2020-15677 Download origin spoofing via redirect * CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element * CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after- free scenario * CVE-2020-15673 Memory safety bugs fixed in Thunderbird 78.3 - update mozilla-nspr to version 4.25.1 * The macOS platform code for shared library loading was changed to support macOS 11. * Dependency needed for the MozillaThunderbird udpate This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174230 SUSE bug 1176384 SUSE bug 1176756 SUSE bug 1176899 SUSE bug 1177977 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 CVE-2020-15683 CVE-2020-15969 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for pacemaker fixes the following issues: Update to 2.0.4: - based: use crm_exit to free qb-logging - cibsecret: don't use pssh -q option unless supported - crm_error: use g_free for a proper match - crm_mon: NULL output-pointer when buffer is freed - crm_resource: avoid unnecessary issus with dynamic allocation - crm_ticket: avoid unnecessary issues with dynamic allocation - executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916) - fencer: avoid infinite loop if device is removed during operation - fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916) - libcrmcommon: free basename after setting prgname - libcrmcommon: return ENOMEM directly instead of errno - libpe_status: Modify filtering of inactive resources. - libreplace: closedir when bailing out dir traversal - move bcond_with/without up front for e.g. pcmk_release - pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916) - resources: attribute name parameter doesn't have to be unique - rpm: add spec option for enabling CIB secrets - rpm: put user-configurable items at top of spec - rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171) - scheduler: Add the node name back to bundle instances. - silence some false positives static analysis stumbled over - tools: check resource separately from managing parameter in cibsecret - tools: free IPC memory after closing connection - tools: improve cibsecret help - tools: verify newly created CIB connection is not NULL This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1167171 SUSE bug 1173668 SUSE bug 1175557 SUSE bug 1177916 CVE-2020-25654 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27673 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for virt-bootstrap fixes the following issues: Security issue fixed: - CVE-2019-13314: Allow providing the container's root password using a file (bsc#1140750). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1140750 CVE-2019-13314 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for sane-backends fixes the following issues: sane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560) and also fix various security issues: - CVE-2020-12861,CVE-2020-12865: Fixed an out of bounds write (bsc#1172524) - CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,: Fixed an out of bounds read (bsc#1172524) - CVE-2020-12866,CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524) The upstream changelogs can be found here: - https://gitlab.com/sane-project/backends/-/releases/1.0.28 - https://gitlab.com/sane-project/backends/-/releases/1.0.29 - https://gitlab.com/sane-project/backends/-/releases/1.0.30 - https://gitlab.com/sane-project/backends/-/releases/1.0.31 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172524 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up (bsc#1177582) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1177582 CVE-2020-13943 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for spice fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1177158 CVE-2020-14355 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for spice-gtk fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1177158 CVE-2020-14355 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for binutils fixes the following issues: binutils was updated to version 2.35. (jsc#ECO-2373) Update to binutils 2.35: * The assembler can now produce DWARF-5 format line number tables. * Readelf now has a 'lint' mode to enable extra checks of the files it is processing. * Readelf will now display '[...]' when it has to truncate a symbol name. The old behaviour - of displaying as many characters as possible, up to the 80 column limit - can be restored by the use of the --silent-truncation option. * The linker can now produce a dependency file listing the inputs that it has processed, much like the -M -MP option supported by the compiler. - fix DT_NEEDED order with -flto [bsc#1163744] Update to binutils 2.34: * The disassembler (objdump --disassemble) now has an option to generate ascii art thats show the arcs between that start and end points of control flow instructions. * The binutils tools now have support for debuginfod. Debuginfod is a HTTP service for distributing ELF/DWARF debugging information as well as source code. The tools can now connect to debuginfod servers in order to download debug information about the files that they are processing. * The assembler and linker now support the generation of ELF format files for the Z80 architecture. - Add new subpackages for libctf and libctf-nobfd. - Disable LTO due to bsc#1163333. - Includes fixes for these CVEs: bsc#1153768 aka CVE-2019-17451 aka PR25070 bsc#1153770 aka CVE-2019-17450 aka PR25078 - fix various build fails on aarch64 (PR25210, bsc#1157755). Update to binutils 2.33.1: * Adds support for the Arm Scalable Vector Extension version 2 (SVE2) instructions, the Arm Transactional Memory Extension (TME) instructions and the Armv8.1-M Mainline and M-profile Vector Extension (MVE) instructions. * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE, Cortex-A76AE, and Cortex-A77 processors. * Adds a .float16 directive for both Arm and AArch64 to allow encoding of 16-bit floating point literals. * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure time option to set the default behavior. Set the default if the configure option is not used to 'no'. * The Cortex-A53 Erratum 843419 workaround now supports a choice of which workaround to use. The option --fix-cortex-a53-843419 now takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be used to force a particular workaround to be used. See --help for AArch64 for more details. * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the AArch64 ELF linker. * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI on inputs and use PLTs protected with BTI. * Add -z pac-plt for AArch64 to pick PAC enabled PLTs. * Add --source-comment[=<txt>] option to objdump which if present, provides a prefix to source code lines displayed in a disassembly. * Add --set-section-alignment <section-name>=<power-of-2-align> option to objcopy to allow the changing of section alignments. * Add --verilog-data-width option to objcopy for verilog targets to control width of data elements in verilog hex format. * The separate debug info file options of readelf (--debug-dump=links and --debug-dump=follow) and objdump (--dwarf=links and --dwarf=follow-links) will now display and/or follow multiple links if more than one are present in a file. (This usually happens when gcc's -gsplit-dwarf option is used). In addition objdump's --dwarf=follow-links now also affects its other display options, so that for example, when combined with --syms it will cause the symbol tables in any linked debug info files to also be displayed. In addition when combined with --disassemble the --dwarf= follow-links option will ensure that any symbol tables in the linked files are read and used when disassembling code in the main file. * Add support for dumping types encoded in the Compact Type Format to objdump and readelf. - Includes fixes for these CVEs: bsc#1126826 aka CVE-2019-9077 aka PR1126826 bsc#1126829 aka CVE-2019-9075 aka PR1126829 bsc#1126831 aka CVE-2019-9074 aka PR24235 bsc#1140126 aka CVE-2019-12972 aka PR23405 bsc#1143609 aka CVE-2019-14444 aka PR24829 bsc#1142649 aka CVE-2019-14250 aka PR90924 * Add xBPF target * Fix various problems with DWARF 5 support in gas * fix nm -B for objects compiled with -flto and -fcommon. This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1126826 SUSE bug 1126829 SUSE bug 1126831 SUSE bug 1140126 SUSE bug 1142649 SUSE bug 1143609 SUSE bug 1153768 SUSE bug 1153770 SUSE bug 1157755 SUSE bug 1160254 SUSE bug 1160590 SUSE bug 1163333 SUSE bug 1163744 CVE-2019-12972 CVE-2019-14250 CVE-2019-14444 CVE-2019-17450 CVE-2019-17451 CVE-2019-9074 CVE-2019-9075 CVE-2019-9077 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for samba fixes the following issues: Update to samba 4.11.14 - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). - lib/util: Do not install /usr/bin/test_util - smbd: don't log success as error - idmap_ad does not deal properly with a RFC4511 section 4.4.1 response; - winbind: Fix a memleak - idmap_ad: Pass tldap debug messages on to DEBUG() - lib/replace: Move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE - ctdb disable/enable can fail due to race condition This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1173902 SUSE bug 1173994 SUSE bug 1177613 CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for icinga2 fixes the following issues: - Info that since version 2.12.0 following security issue is fixed: prepare-dirs script allows for symlink attack in the icinga user context. boo#1172171 (CVE-2020-14004) Update to 2.12.1: * Bugfixes + Core - Fix crashes during config update #8348 #8345 - Fix crash while removing a downtime #8228 - Ensure the daemon doesn't get killed by logrotate #8170 - Fix hangup during shutdown #8211 - Fix a deadlock in Icinga DB #8168 - Clean up zombie processes during reload #8376 - Reduce check latency #8276 + IDO - Prevent unnecessary IDO updates #8327 #8320 - Commit IDO MySQL transactions earlier #8349 - Make sure to insert IDO program status #8330 - Improve IDO queue stats logging #8271 #8328 #8379 + Misc - Ensure API connections are closed properly #8293 - Prevent unnecessary notifications #8299 - Don't skip null values of command arguments #8174 - Fix Windows .exe version #8234 - Reset Icinga check warning after successful config update #8189 Update to 2.12.0: * Breaking changes - Deprecate Windows plugins in favor of our - PowerShell plugins #8071 - Deprecate Livestatus #8051 - Refuse acknowledging an already acknowledged checkable #7695 - Config lexer: complain on EOF in heredocs, i.e. {{{abc<EOF> #7541 * Enhancements + Core - Implement new database backend: Icinga DB #7571 - Re-send notifications previously suppressed by their time periods #7816 + API - Host/Service: Add acknowledgement_last_change and next_update attributes #7881 #7534 - Improve error message for POST queries #7681 - /v1/actions/remove-comment: let users specify themselves #7646 - /v1/actions/remove-downtime: let users specify themselves #7645 - /v1/config/stages: Add 'activate' parameter #7535 + CLI - Add pki verify command for better TLS certificate troubleshooting #7843 - Add OpenSSL version to 'Build' section in --version #7833 - Improve experience with 'Node Setup for Agents/Satellite' #7835 + DSL - Add get_template() and get_templates() #7632 - MacroProcessor::ResolveArguments(): skip null argument values #7567 - Fix crash due to dependency apply rule with ignore_on_error and non-existing parent #7538 - Introduce ternary operator (x ? y : z) #7442 - LegacyTimePeriod: support specifying seconds #7439 - Add support for Lambda Closures (() use(x) => x and () use(x) => { return x }) #7417 + ITL - Add notemp parameter to oracle health #7748 - Add extended checks options to snmp-interface command template #7602 - Add file age check for Windows command definition #7540 + Docs - Development: Update debugging instructions #7867 - Add new API clients #7859 - Clarify CRITICAL vs. UNKNOWN #7665 - Explicitly explain how to disable freshness checks #7664 - Update installation for RHEL/CentOS 8 and SLES 15 #7640 - Add Powershell example to validate the certificate #7603 + Misc - Don't send event::Heartbeat to unauthenticated peers #7747 - OpenTsdbWriter: Add custom tag support #7357 * Bugfixes + Core - Fix JSON-RPC crashes #7532 #7737 - Fix zone definitions in zones #7546 - Fix deadlock during start on OpenBSD #7739 - Consider PENDING not a problem #7685 - Fix zombie processes after reload #7606 - Don't wait for checks to finish during reload #7894 + Cluster - Fix segfault during heartbeat timeout with clients not yet signed #7970 - Make the config update process mutually exclusive (Prevents file system race conditions) #7936 - Fix check_timeout not being forwarded to agent command endpoints #7861 - Config sync: Use a more friendly message when configs are equal and don't need a reload #7811 - Fix open connections when agent waits for CA approval #7686 - Consider a JsonRpcConnection alive on a single byte of TLS payload, not only on a whole message #7836 - Send JsonRpcConnection heartbeat every 20s instead of 10s #8102 - Use JsonRpcConnection heartbeat only to update connection liveness (m_Seen) #8142 - Fix TLS context not being updated on signed certificate messages on agents #7654 + API - Close connections w/o successful TLS handshakes after 10s #7809 - Handle permission exceptions soon enough, returning 404 #7528 + SELinux - Fix safe-reload #7858 - Allow direct SMTP notifications #7749 + Windows - Terminate check processes with UNKNOWN state on timeout #7788 - Ensure that log replay files are properly renamed #7767 + Metrics - Graphite/OpenTSDB: Ensure that reconnect failure is detected #7765 - Always send 0 as value for thresholds #7696 + Scripts - Fix notification scripts to stay compatible with Dash #7706 - Fix bash line continuation in mail-host-notification.sh #7701 - Fix notification scripts string comparison #7647 - Service and host mail-notifications: Add line-breaks to very long output #6822 - Set correct UTF-8 email subject header (RFC1342) #6369 + Misc - DSL: Fix segfault due to passing null as custom function to Array#{sort,map,reduce,filter,any,all}() #8053 - CLI: pki save-cert: allow to specify --key and --cert for backwards compatibility #7995 - Catch exception when trusted cert is not readable during node setup on agent/satellite #7838 - CheckCommand ssl: Fix wrong parameter -N #7741 - Code quality fixes - Small documentation fixes - Update to 2.11.5 Version 2.11.5 fixes file system race conditions in the config update process occurring in large HA environments and improves the cluster connection liveness mechanisms. * Bugfixes + Make the config update process mutually exclusive (Prevents file system race conditions) #8093 + Consider a JsonRpcConnection alive on a single byte of TLS payload, not only on a whole message #8094 + Send JsonRpcConnection heartbeat every 20s instead of 10s #8103 + Use JsonRpcConnection heartbeat only to update connection liveness (m_Seen) #8097 - Update to 2.11.4 Version 2.11.4 fixes a crash during a heartbeat timeout with clients not yet signed. It also resolves an issue with endpoints not reconnecting after a reload/deploy, which caused a lot of UNKNOWN states. * Bugfixes + Cluster - Fix segfault during heartbeat timeout with clients not yet signed #7997 - Fix endpoints not reconnecting after reload (UNKNOWN hosts/services after reload) #8043 + Setup - Fix exception on trusted cert not readable during node setup #8044 - prepare-dirs: Only set permissions during directory creation #8046 + DSL - Fix segfault on missing compare function in Array functions (sort, map, reduce, filter, any, all) #8054 - Update to 2.11.3 * Bugfixes - Cluster Fix JSON-RPC crashes (#7532) in large environments: #7846 #7848 #7849 - Set minimum require boost version to 1.66 - Fix boo#1159869 Permission error when use the icinga cli wizard. - BuildRequire pkgconfig(libsystemd) instead of systemd-devel: Aloow OBS to shortcut through the -mini flavors. - Update to 2.11.2 This release fixes a problem where the newly introduced config sync 'check-change-then-reload' functionality could cause endless reload loops with agents. The most visible parts are failing command endpoint checks with 'not connected' UNKNOWN state. Only applies to HA enabled zones with 2 masters and/or 2 satellites. * Bugfixes - Cluster Config Sync - Config sync checksum change detection may not work within high load HA clusters #7565 - Update to 2.11.1 This release fixes a hidden long lasting bug unveiled with 2.11 and distributed setups. If you are affected by agents/satellites not accepting configuration anymore, or not reloading, please upgrade. * Bugfixes - Cluster Config Sync - Never accept authoritative config markers from other instances #7552 - This affects setups where agent/satellites are newer than the config master, e.g. satellite/agent=2.11.0, master=2.10. - Configuration - Error message for command_endpoint should hint that zone is not set #7514 - Global variable 'ActiveStageOverride' has been set implicitly via 'ActiveStageOverride ... #7521 * Documentation - Docs: Add upgrading/troubleshooting details for repos, config sync, agents #7526 - Explain repository requirements for 2.11: https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/#added-boost-166 - command_endpoint objects require a zone: https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/#agent-hosts-with-command-endpoint-require-a-zone - Zones declared in zones.d are not loaded anymore: https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/#config-sync-zones-in-zones - Update to 2.11.0 * Core - Rewrite Network Stack (cluster, REST API) based on Boost Asio, Beast, Coroutines - Technical concept: #7041 - Requires package updates: Boost >1.66 (either from packages.icinga.com, EPEL or backports). SLES11 & Ubuntu 14 are EOL. - Require TLS 1.2 and harden default cipher list - Improved Reload Handling (umbrella process, now 3 processes at runtime) - Support running Icinga 2 in (Docker) containers natively in foreground - Quality: Use Modern JSON for C++ library instead of YAJL (dead project) - Quality: Improve handling of invalid UTF8 strings * API - Fix crashes on Linux, Unix and Windows from Nessus scans #7431 - Locks and stalled waits are fixed with the core rewrite in #7071 - schedule-downtime action supports all_services for host downtimes - Improve storage handling for runtime created objects in the _api package * Cluster - HA aware features & improvements for failover handling #2941 #7062 - Improve cluster config sync with staging #6716 - Fixed that same downtime/comment objects would be synced again in a cluster loop #7198 * Checks & Notifications - Ensure that notifications during a restart are sent - Immediately notify about a problem after leaving a downtime and still NOT-OK - Improve reload handling and wait for features/metrics - Store notification command results and sync them in HA enabled zones #6722 * DSL/Configuration - Add getenv() function - Fix TimePeriod range support over midnight - concurrent_checks in the Checker feature has no effect, use the global MaxConcurrentChecks constant instead * CLI - Permissions: node wizard/setup, feature, api setup now run in the Icinga user context, not root - ca list shows pending CSRs by default, ca remove/restore allow to delete signing requests * ITL - Add new commands and missing attributes * Windows - Update bundled NSClient++ to 0.5.2.39 - Refine agent setup wizard & update requirements to .NET 4.6 * Documentation - Service Monitoring: How to create plugins by example, check commands and a modern version of the supported plugin API with best practices - Features: Better structure on metrics, and supported features - Technical Concepts: TLS Network IO, Cluster Feature HA, Cluster Config Sync - Development: Rewritten for better debugging and development experience for contributors including a style guide. Add nightly build setup instructions. - Packaging: INSTALL.md was integrated into the Development chapter, being available at https://icinga.com/docs too. - Update to 2.10.6 * Bugfixes - Fix el7 not loading ECDHE cipher suites #7247 - update to 2.10.5 * Core - Fix crashes with logrotate signals #6737 (thanks Elias Ohm) * API - Fix crashes and problems with permission filters from recent Namespace introduction #6785 (thanks Elias Ohm) #6874 (backported from 2.11) - Reduce log spam with locked connections (real fix is the network stack rewrite in 2.11) #6877 * Cluster - Fix problems with replay log rotation and storage #6932 (thanks Peter Eckel) * IDO DB - Fix that reload shutdown deactivates hosts and hostgroups (introduced in 2.9) #7157 * Documentation - Improve the REST API chapter: Unix timestamp handling, filters, unify POST requests with filters in the body - Better layout for the features chapter, specifically metrics and events - Split object types into monitoring, runtime, features - Add technical concepts for cluster messages Moderate SUSE bug 1159869 SUSE bug 1172171 SUSE bug 1174075 CVE-2020-14004 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for claws-mail fixes the following issues: - Additional cleanup of the template handling claws-mail was updated to 3.17.8 (boo#1177967) * Shielded template's |program{} and |attach_program{} so that the command-line that is executed does not allow sequencing such as with && || ;, preventing possible execution of nasty, or at least unexpected, commands * bug fixes: claws#4376 * updated English, French, and Spanish manuals - Update to 3.17.7 * Image Viewer: Image attachments, when displayed, are now resized to fit the available width rather than the available height. * -d is now an alias to --debug. * Libravatar plugin: New styles supported: Robohash and Pagan. * SpamAssassin plugin: The 'Maximum size' option now matches SpamAssassin's maximum; it can now handle messages up to 256MB. * LiteHTML viewer plugin: The UI is now translatable. Bug fixes: * bug 4313, 'Recursion stack overflow with rebuilding folder tree' * bug 4372, '[pl_PL] Crash after 'Send later' without recipient and then 'Close'' * bug 4373, 'attach mailto URI double free' * bug 4374, 'insert mailto URI misses checks' * bug 4384, 'U+00AD (soft hyphen) changed to space in Subject' * bug 4386, 'Allow Sieve config without userid without warning' * Add missing SSL settings when cloning accounts. * Parsing of command-line arguments. * PGP Core plugin: fix segv in address completion with a keyring. * Libravatar plugin: fixes to image display. - Disable python-gtk plugin on suse_version > 1500: still relying on python2, which is EOL. - Update to 3.17.6: * It is now possible to 'Inherit Folder properties and processing rules from parent folder' when creating new folders with the move message and copy message dialogues. * A Phishing warning is now shown when copying a phishing URL, (in addition to clicking a phishing URL). * The progress window when importing an mbox file is now more responsive. * A warning dialogue is shown if the selected privacy system is 'None' and automatic signing amd/or encrypting is enabled. * Python plugin: pkgconfig is now used to check for python2. This enables the Python plugin (which uses python2) to be built on newer systems which have both python2 and python3. Bug fixes: * bug 3922, 'minimize to tray on startup not working' * bug 4220, 'generates files in cache without content' * bug 4325, 'Following redirects when retrieving image' * bug 4342, 'Import mbox file command doesn't work twice on a row' * fix STARTTLS protocol violation * fix initial debug line * fix fat-fingered crash when v (hiding msgview) is pressed just before c (check signature) * fix non-translation of some Templates strings - Update to 3.17.5 + Inline Git patches now have colour syntax highlighting The colours of these, and patch attachments, are configurable on the 'Other' tab of the Display/Colors page of the general preferences. + The previously hidden preference, 'summary_from_show', is now configurable within the UI, on the 'Message List' tab of the Display/Summaries page of the general preferences, 'Displayed in From column [ ]'. + 'Re-edit' has been added to the message context menu when in the Drafts folder. + Additional Date header formats are supported: - weekday, month, day, hh, mm, ss, year, zone - weekday, month, day, hh, mm, ss, year + LiteHtml viewer plugin: scrolling with the keyboard has been implemented. + The included tools/scripts have been updated: - eud2gc.py converted to Python 3 - tbird2claws.py converted to Python 3 - tbird2claws.py converted to Python 3 - google_search.pl has been replaced with ddg_search.pl (that is, duckduckgo.com instead of google.com) - fix_date.sh and its documentation have been updated - multiwebsearch.pl 'fm' (freshmeat.net) has been removed; 'google' has been replaced by 'ddg' - the outdated OOo2claws-mail.pl script has been removed + Updated manuals + Updated translations: British English, Catalan, Czech, Danish, Dutch, French, German, Russian, Slovak, Spanish, Swedish, Traditional Chinese, Turkish + bug fixes: claws#2131, claws#4237, claws#4239, claws#4248, claws#4253, claws#4257, claws#4277, claws#4278, claws#4305 + Misc bugs fixed: - Fix crash in litehtml_viewer when tag has no href - removed 'The following file has been attached...' dialogue - MBOX import: give a better estimation of the time left and grey out widgets while importing - Fixed 'vcard.c:238:2: warning: ‘strncpy’ output truncate before terminating nul copying as many bytes from a string as its length' - RSSyl: Fix handling deleted feed items where modified and published dates do not match - fix bolding of target folder - when creating a new account, don't pre-fill data from the default account - respect 'default selection' settings when moving a msg with manual filtering - Fix printing of empty pages when the selected part is rendered with a plugin not implementing print - Addressbook folder selection dialogs: make sure folder list is sorted and apply global prefs to get stripes in lists. - when user cancels the GPG signing passphrase dialogue, don't bother the user with an 'error' dialogue - Fix imap keyword search. Libetpan assumes keyword search is a MUST but RFC states it is a MAY. Fix advanced search on MS Exchange - fix SHIFT+SPACE in msg list, moving in reverse - revert pasting images as attachments - Fix help about command-line arguments that require a parameter. - Printing: only print as plain text if the part is of type text - fix a segfault with default info icon when trying to print a non-text part. - Add a test on build-time libetpan version to require the proper version at run-time (boo#1157594) - Move 'Mark all read/unread' menu entries where they belong. remove-MarkAll-from-message-menu.patch (claws#4278) add-MarkAll-to-folder-menu.patch (claws#4278) - Make litehtml plugin build on Tumbleweed. - Update to 3.17.4: * New HTML viewer plugin: Litehtml viewer * Added option 'Enable keyboard shortcuts' to the 'Keyboard shortcuts' frame on /Configuration/Preferences/Other/Miscellaneous * Compose: implemented copying of attached images to clipboard * Compose: images and text/uri-list (files) can now be attached by pasting into the Compose window * Python plugin: window sizes are now remembered for the Python console, the 'Open URLs' and the 'Set mailbox order' windows. * Fancy plugin: the download-link feature now follows redirections * MBOX export: the Enter key in the dialogue now starts the export * The date (ISO format) has been added to log timestamps * Update translations - bug 1920, 'No automatic NNTP filtering' - bug 2045, 'address book blocks focus on email window' - bug 2131, 'Focus stealing after mail check' - bug 2627, 'Filtering does not work on NNTP' - bug 3070, 'misbehaving text wrapping when URL chars are present' - bug 3838, 'Canceled right-click on message list leaves UI in inconsistent state' - bug 3977, 'Fix crashes when some external APIs fail' - bug 3979, 'Hang (with killing needed) during action which extracts attachments' - bug 4029, 'segfault after deleting message in a window' - bug 4031, 'fingerprint in SSL/TLS certificates for ... (regress error)' - bug 4037, 'Fix some small issues' - bug 4142, 'Translation error on Russian' - bug 4145, 'proxy server for sending doesn't work' - bug 4155, 'remember directory of last saving' - bug 4166, 'corrupted double-linked list' - bug 4167, 'Max line length exceeded when forwarding mail' - bug 4188, 'STL file is sent not as an attachment but as its base64 representation in plaintext' - CID 1442278, 'impossible to trigger buffer overflow' - Make key accelerators from menu work in addressbook window - save checkbox choices of display/summaries/defaults prefs - Do not throw an error when cancelling 'Save email as...'. - occasional crash on drag'n'drop of msgs - possible stack overflow in vcalendar's Curl data handler - crash when LDAP address source is defined in index, but - support is disabled - crash in Fancy plugin if one of the MIME parts has no - -ID - a few small memory leaks in scan_mailto_url() - configure script for rare cases where python is not installed - incorrect charset conversion in sc_html_read_line(). - markup in 'key not fully trusted' warning in pgpcore - use after free in rare code path in rssyl_subscribe() - several memory leaks - verify_folderlist_xml() for fresh starts - printf formats for size_t and goffset arguments. - alertpanel API use in win32 part of mimeview.c - pid handling in debug output of kill_children_cb() - incorrect pointer arithmetic in w32_filesel.c Moderate SUSE bug 1157594 SUSE bug 1177967 CVE-2020-15917 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: - Update to 86.0.4240.183 boo#1178375 - CVE-2020-16004: Use after free in user interface. - CVE-2020-16005: Insufficient policy enforcement in ANGLE. - CVE-2020-16006: Inappropriate implementation in V8 - CVE-2020-16007: Insufficient data validation in installer. - CVE-2020-16008: Stack buffer overflow in WebRTC. - CVE-2020-16009: Inappropriate implementation in V8. - CVE-2020-16011: Heap buffer overflow in UI on Windows. Important SUSE bug 1178375 CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007 CVE-2020-16008 CVE-2020-16009 CVE-2020-16011 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for salt fixes the following issues: - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846) - Fix disk.blkid to avoid unexpected keyword argument '__pub_user'. (bsc#1177867) - Ensure virt.update stop_on_reboot is updated with its default value. - Do not break package building for systemd OSes. - Drop wrong mock from chroot unit test. - Support systemd versions with dot. (bsc#1176294) - Fix for grains.test_core unit test. - Fix file/directory user and group ownership containing UTF-8 characters. (bsc#1176024) - Several changes to virtualization: * Fix virt update when cpu and memory are changed. * Memory Tuning GSoC. * Properly fix memory setting regression in virt.update. * Expose libvirt on_reboot in virt states. - Support transactional systems (MicroOS). - zypperpkg module ignores retcode 104 for search(). (bsc#1159670) - Xen disk fixes. No longer generates volumes for Xen disks, but the corresponding file or block disk. (bsc#1175987) - Invalidate file list cache when cache file modified time is in the future. (bsc#1176397) - Prevent import errors when running test_btrfs unit tests. This update was imported from the SUSE:SLE-15-SP2:Update update project. Critical SUSE bug 1159670 SUSE bug 1175987 SUSE bug 1176024 SUSE bug 1176294 SUSE bug 1176397 SUSE bug 1177867 SUSE bug 1178319 SUSE bug 1178361 SUSE bug 1178362 CVE-2020-16846 CVE-2020-17490 CVE-2020-25592 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tmux fixes the following issues: - Update to version 3.1c * Fix a stack overflow on colon-separated CSI parsing. boo#1178263 CVE-2020-27347 - tmux 3.1b: * Fix crash when allow-rename ison and an empty name is set - tmux 3.1a: * Do not close stdout prematurely in control mode since it is needed to print exit messages. Prevents hanging when detaching with iTerm2 - includes changes between 3.1-rc1 and 3.1: * Only search the visible part of the history when marking (highlighting) search terms. This is much faster than searching the whole history and solves problems with large histories. The count of matches shown is now the visible matches rather than all matches * Search using regular expressions in copy mode. search-forward and search-backward use regular expressions by default; the incremental versions do not * Turn off mouse mode 1003 as well as the rest when exiting * Add selection_active format for when the selection is present but not moving with the cursor * Fix dragging with modifier keys, so binding keys such as C-MouseDrag1Pane and C-MouseDragEnd1Pane now work * Add -a to list-keys to also list keys without notes with -N * Do not jump to next word end if already on a word end when selecting a word; fixes select-word with single character words and vi(1) keys * Fix top and bottom pane calculation with pane border status enabled - Update to v3.1-rc * Please see the included CHANGES file - Fix tmux completion - Update to v3.0a * A lot of changes since v2.9a, please see the included CHANGES file. - Update to v2.9a - Fix bugs in select-pane and the main-horizontal and main-vertical layouts. - Add trailing newline to tmpfiles.d/tmux.conf. On newer systems (such as Leap 15.1), the lack of a trailing newline appears to cause the directory to not be created. This is only evident on setups where /run is an actual tmpfs (on btrfs-root installs, /run is a btrfs subvolume and thus /run/tmux is persistent across reboots). - Update to version 2.9 * Add format variables for the default formats in the various modes (tree_mode_format and so on) and add a -a flag to display-message to list variables with values. * Add a -v flag to display-message to show verbose messages as the format is parsed, this allows formats to be debugged * Add support for HPA (\033[`). * Add support for origin mode (\033[?6h). * No longer clear history on RIS. * Extend the #[] style syntax and use that together with previous format changes to allow the status line to be entirely configured with a single option. * Add E: and T: format modifiers to expand a format twice (useful to expand the value of an option). * The individual -fg, -bg and -attr options have been removed; they were superseded by -style options in tmux 1.9. * Add -b to display-panes like run-shell. * Handle UTF-8 in word-separators option. * New 'terminal' colour allowing options to use the terminal default colour rather than inheriting the default from a parent option. * Do not move the cursor in copy mode when the mouse wheel is used. * Use the same working directory rules for jobs as new windows rather than always starting in the user's home. * Allow panes to be one line or column in size. * Go to last line when goto-line number is out of range in copy mode. * Yank previously cut text if any with C-y in the command prompt, only use the buffer if no text has been cut. * Add q: format modifier to quote shell special characters. * Add -Z to find-window. * Support for windows larger than the client. This adds two new options, window-size and default-size, and a new command, resize-window. The force-width and force-height options and the session_width and session_height formats have been removed. - update to 2.8 - move bash-completion to right place * Make display-panes block the client until a pane is chosen or it times out. * Clear history on RIS like most other terminals do. * Add an 'Any' key to run a command if a key is pressed that is not bound in the current key table. * Expand formats in load-buffer and save-buffer. * Add a rectangle_toggle format. * Add set-hook -R to run a hook immediately. * Add pane focus hooks. * Allow any punctuation as separator for s/x/y not only /. * Improve resizing with the mouse (fix resizing the wrong pane in some layouts, and allow resizing multiple panes at the same time). * Allow , and } to be escaped in formats as #, and #}. * Add KRB5CCNAME to update-environment. * Change meaning of -c to display-message so the client is used if it matches the session given to -t. * Fixes to : form of SGR. * Add x and X to choose-tree to kill sessions, windows or panes. - Add bash completion for tmux - Update to 2.7 * Remove EVENT_* variables from environment on platforms where tmux uses them so they do not pass on to panes. * Fixed for hooks at server exit. * Remove SGR 10 (was equivalent to SGR 0 but no other terminal seems to do this). * Expand formats in window and session names. * Add -Z flag to choose-tree, choose-client, choose-buffer to automatically zoom the pane when the mode is entered and unzoom when it exits, assuming the pane is not already zoomed. This is now part of the default key bindings. * Add C-g to exit modes with emacs keys. * Add exit-empty option to exit server if no sessions (default = on) * Show if a filter is present in choose modes. * Add pipe-pane -I to to connect stdin of the child process. * Performance improvements for reflow. * Use RGB terminfo(5) capability to detect RGB colour terminals (the existing Tc extension remains unchanged). * Support for ISO colon-separated SGR sequences. * Add select-layout -E to spread panes out evenly (bound to E key). * Support wide characters properly when reflowing. * Pass PWD to new panes as a hint to shells, as well as calling chdir(). * Performance improvements for the various choose modes. * Only show first member of session groups in tree mode (-G flag to choose-tree to show all). * Support %else in config files to match %if * Fix 'kind' terminfo(5) capability to be S-Down not S-Up. * Add a box around the preview label in tree mode. * Show exit status and time in the remain-on-exit pane text * Correctly use pane-base-index in tree mode. * Change the allow-rename option default to off. * Support for xterm(1) title stack escape sequences * Correctly remove padding cells to fix a UTF-8 display problem - build from release tarball instead of source (drops automake dep) - Bash completion is now removed and provided by - cleanup specfile directory with tmpfiles.d functionality in /run/tmux Moderate SUSE bug 1037468 SUSE bug 1116887 SUSE bug 1120170 SUSE bug 1178263 CVE-2018-19387 CVE-2020-27347 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gnome-settings-daemon, gnome-shell fixes the following issues: gnome-settings-daemon: - Add support for recent UCM related changes in ALSA and PulseAudio. (jsc#SLE-16518) - Don't warn when a default source or sink is missing and the PulseAudio daemon is restarting. (jsc#SLE-16518) - Don't warn about starting/stopping services which don't exist. (bsc#1172760). gnome-shell: - Add support for recent UCM related changes in ALSA and PulseAudio. (jsc#SLE-16518) - CVE-2020-17489: reset auth prompt on vt switch before fade in in loginDialog (bsc#1175155). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1172760 SUSE bug 1175155 CVE-2020-17489 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for u-boot fixes the following issues: - CVE-2020-8432: Fixed a double free in the cmd/gpt.c do_rename_gpt_parts() function, which allowed an attacker to execute arbitrary code (bsc#1162198) - CVE-2020-10648: Fixed improper signature verification during verified boot (bsc#1167209). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1162198 SUSE bug 1167209 CVE-2020-10648 CVE-2020-8432 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for sddm fixes the following issue: - Fix X not having access control on startup (boo#1177201, CVE-2020-28049). Moderate SUSE bug 1177201 CVE-2020-28049 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1178171 SUSE bug 945190 CVE-2014-3577 CVE-2015-5262 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for bluez fixes the following issues: - CVE-2020-27153: Fixed possible crash on disconnect (bsc#1177895). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1177895 CVE-2020-27153 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for wireshark fixes the following issues: - Update to wireshark 3.2.7: * CVE-2020-25863: MIME Multipart dissector crash (bsc#1176908) * CVE-2020-25862: TCP dissector crash (bsc#1176909) * CVE-2020-25866: BLIP dissector crash (bsc#1176910) * CVE-2020-17498: Kafka dissector crash (bsc#1175204) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175204 SUSE bug 1176908 SUSE bug 1176909 SUSE bug 1176910 CVE-2020-17498 CVE-2020-25862 CVE-2020-25863 CVE-2020-25866 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ImageMagick fixes the following issues: - CVE-2020-27560: Fixed potential denial of service in OptimizeLayerFrames function in MagickCore/layer.c (bsc#1178067). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1178067 CVE-2020-27560 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for otrs fixes the following issues: - otrs was updated to 6.0.30 (OSA-2020-14 boo#1178434) - CVE-2020-11022, CVE-2020-11023: Vulnerability in third-party library - jquery OTRS uses jquery version 3.4.1, which is vulnerable to cross-site scripting (XSS). Moderate SUSE bug 1178434 CVE-2020-11022 CVE-2020-11023 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-1_8_0-openj9 fixes the following issues: -OpenJDK was updated to 8u2732 build 10 with OpenJ9 0.23.0 virtual machine -includes Oracle July 2020 (bsc#1174157) and October 2020 CPU (bsc#1177943) - CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798 and CVE-2020-14803 This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1174157 SUSE bug 1177943 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for spice-vdagent fixes the following issues: Security issues fixed: - CVE-2020-25650: Fixed a memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780). - CVE-2020-25651: Fixed a possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781). - CVE-2020-25652: Fixed a possibility to exhaust file descriptors in `vdagentd` (bsc#1177782). - CVE-2020-25653: Fixed a race condition when the UNIX domain socket peer PID retrieved via `SO_PEERCRED` (bsc#1177783). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1173749 SUSE bug 1177780 SUSE bug 1177781 SUSE bug 1177782 SUSE bug 1177783 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-25668: Make FONTX ioctl use the tty pointer they were actually passed (bsc#1178123). - CVE-2020-25656: Extend func_buf_lock to readers (bnc#1177766). - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812 (bnc#1176485). - CVE-2020-14351: Fixed race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-8694: Restrict energy meter to root access (bsc#1170415). - CVE-2020-16120: Check permission to open real file in overlayfs (bsc#1177470). - CVE-2020-25705: A ICMP global rate limiting side-channel was removed which could lead to e.g. the SADDNS attack (bsc#1175721) The following non-security bugs were fixed: - ACPI: Always build evged in (git-fixes). - ACPI: button: fix handling lid state changes when input device closed (git-fixes). - ACPI: configfs: Add missing config_item_put() to fix refcount leak (git-fixes). - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes). - ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - act_ife: load meta modules before tcf_idr_check_alloc() (networking-stable-20_09_24). - Add CONFIG_CHECK_CODESIGN_EKU - ALSA: ac97: (cosmetic) align argument names (git-fixes). - ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes). - ALSA: asihpi: fix spellint typo in comments (git-fixes). - ALSA: atmel: ac97: clarify operator precedence (git-fixes). - ALSA: bebob: potential info leak in hwdep_read() (git-fixes). - ALSA: compress_offload: remove redundant initialization (git-fixes). - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes). - ALSA: core: pcm: simplify locking for timers (git-fixes). - ALSA: core: timer: clarify operator precedence (git-fixes). - ALSA: core: timer: remove redundant assignment (git-fixes). - ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes). - ALSA: fireworks: use semicolons rather than commas to separate statements (git-fixes). - ALSA: fix kernel-doc markups (git-fixes). - ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes). - ALSA: hda: (cosmetic) align function parameters (git-fixes). - ALSA: hda - Do not register a cb func if it is registered already (git-fixes). - ALSA: hda - Fix the return value if cb func is already registered (git-fixes). - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes). - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes). - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes). - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes). - ALSA: hda/realtek - set mic to auto detect on a HP AIO machine (git-fixes). - ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes). - ALSA: hda: use semicolons rather than commas to separate statements (git-fixes). - ALSA: hdspm: Fix typo arbitary (git-fixes). - ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes). - ALSA: portman2x4: fix repeated word 'if' (git-fixes). - ALSA: rawmidi: (cosmetic) align function parameters (git-fixes). - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes). - ALSA: sparc: dbri: fix repeated word 'the' (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes). - ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes). - ALSA: usb-audio: Line6 Pod Go interface requires static clock rate quirk (git-fixes). - ALSA: usb: scarless_gen2: fix endianness issue (git-fixes). - ALSA: vx: vx_core: clarify operator precedence (git-fixes). - ALSA: vx: vx_pcm: remove redundant assignment (git-fixes). - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes). - ASoC: cs42l51: manage mclk shutdown delay (git-fixes). - ASoC: fsl: imx-es8328: add missing put_device() call in imx_es8328_probe() (git-fixes). - ASoC: fsl_sai: Instantiate snd_soc_dai_driver (git-fixes). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes). - ASoC: qcom: lpass-platform: fix memory leak (git-fixes). - ASoC: qcom: sdm845: set driver name correctly (git-fixes). - ASoC: sun50i-codec-analog: Fix duplicate use of ADC enable bits (git-fixes). - ASoC: tlv320aic32x4: Fix bdiv clock rate derivation (git-fixes). - ata: sata_rcar: Fix DMA boundary mask (git-fixes). - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes). - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: provide survey info as accumulated data (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes). - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() (git-fixes). - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes). - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). - backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes). - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750). - block: ensure bdi->io_pages is always initialized (bsc#1177749). - block: Fix page_is_mergeable() for compound pages (bsc#1177814). - block: Set same_page to false in __bio_try_merge_page if ret is false (git-fixes). - Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb (git-fixes). - Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes). - Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes). - Bluetooth: Only mark socket zapped after unlocking (git-fixes). - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (git-fixes). - bonding: show saner speed for broadcast mode (networking-stable-20_08_24). - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes). - brcmfmac: check ndev pointer (git-fixes). - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes). - btrfs: Account for merged patches upstream Move below patches to sorted section. - btrfs: add owner and fs_info to alloc_state io_tree (bsc#1177854). - btrfs: allocate scrub workqueues outside of locks (bsc#1178183). - btrfs: cleanup cow block on error (bsc#1178584). - btrfs: do not force read-only after error in drop snapshot (bsc#1176354). - btrfs: drop path before adding new uuid tree entry (bsc#1178176). - btrfs: fix filesystem corruption after a device replace (bsc#1178395). - btrfs: fix NULL pointer dereference after failure to create snapshot (bsc#1178190). - btrfs: fix overflow when copying corrupt csums for a message (bsc#1178191). - btrfs: fix space cache memory leak after transaction abort (bsc#1178173). - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks (bsc#1178395). - btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing (bsc#1178395). - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856). - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855). - btrfs: reschedule if necessary when logging directory items (bsc#1178585). - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579). - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581). - btrfs: set the correct lockdep class for new nodes (bsc#1178184). - btrfs: set the lockdep class for log tree extent buffers (bsc#1178186). - btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes). - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes). - can: flexcan: remove ack_grp and ack_bit handling from driver (git-fixes). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes). - ceph: promote to unsigned long long before shifting (bsc#1178175). - clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes). - clk: at91: remove the checking of parent_name (git-fixes). - clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes). - clk: imx8mq: Fix usdhc parents order (git-fixes). - clk: keystone: sci-clk: fix parsing assigned-clock data during probe (git-fixes). - clk: meson: g12a: mark fclk_div2 as critical (git-fixes). - clk: qcom: gcc-sdm660: Fix wrong parent_map (git-fixes). - crypto: ccp - fix error handling (git-fixes). - cxgb4: fix memory leak during module unload (networking-stable-20_09_24). - cxgb4: Fix offset when clearing filter byte counters (networking-stable-20_09_24). - cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes). - dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX (bsc#1177817). - Disable module compression on SLE15 SP2 (bsc#1178307) - dma-direct: add missing set_memory_decrypted() for coherent mapping (bsc#1175898, ECO-2743). - dma-direct: always align allocation size in dma_direct_alloc_pages() (bsc#1175898, ECO-2743). - dma-direct: atomic allocations must come from atomic coherent pools (bsc#1175898, ECO-2743). - dma-direct: check return value when encrypting or decrypting memory (bsc#1175898, ECO-2743). - dma-direct: consolidate the error handling in dma_direct_alloc_pages (bsc#1175898, ECO-2743). - dma-direct: make uncached_kernel_address more general (bsc#1175898, ECO-2743). - dma-direct: provide function to check physical memory area validity (bsc#1175898, ECO-2743). - dma-direct: provide mmap and get_sgtable method overrides (bsc#1175898, ECO-2743). - dma-direct: re-encrypt memory if dma_direct_alloc_pages() fails (bsc#1175898, ECO-2743). - dma-direct: remove __dma_direct_free_pages (bsc#1175898, ECO-2743). - dma-direct: remove the dma_handle argument to __dma_direct_alloc_pages (bsc#1175898, ECO-2743). - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes). - dmaengine: dmatest: Check list for emptiness before access its last entry (git-fixes). - dmaengine: dw: Activate FIFO-mode for memory peripherals only (git-fixes). - dma-mapping: add a dma_can_mmap helper (bsc#1175898, ECO-2743). - dma-mapping: always use VM_DMA_COHERENT for generic DMA remap (bsc#1175898, ECO-2743). - dma-mapping: DMA_COHERENT_POOL should select GENERIC_ALLOCATOR (bsc#1175898, ECO-2743). - dma-mapping: make dma_atomic_pool_init self-contained (bsc#1175898, ECO-2743). - dma-mapping: merge the generic remapping helpers into dma-direct (bsc#1175898, ECO-2743). - dma-mapping: remove arch_dma_mmap_pgprot (bsc#1175898, ECO-2743). - dma-mapping: warn when coherent pool is depleted (bsc#1175898, ECO-2743). - dma-pool: add additional coherent pools to map to gfp mask (bsc#1175898, ECO-2743). - dma-pool: add pool sizes to debugfs (bsc#1175898, ECO-2743). - dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL (bsc#1175898, ECO-2743). - dma-pool: do not allocate pool memory from CMA (bsc#1175898, ECO-2743). - dma-pool: dynamically expanding atomic pools (bsc#1175898, ECO-2743). - dma-pool: Fix an uninitialized variable bug in atomic_pool_expand() (bsc#1175898, ECO-2743). - dma-pool: fix coherent pool allocations for IOMMU mappings (bsc#1175898, ECO-2743). - dma-pool: fix too large DMA pools on medium memory size systems (bsc#1175898, ECO-2743). - dma-pool: get rid of dma_in_atomic_pool() (bsc#1175898, ECO-2743). - dma-pool: introduce dma_guess_pool() (bsc#1175898, ECO-2743). - dma-pool: make sure atomic pool suits device (bsc#1175898, ECO-2743). - dma-pool: Only allocate from CMA when in same memory zone (bsc#1175898, ECO-2743). - dma-pool: scale the default DMA coherent pool size with memory capacity (bsc#1175898, ECO-2743). - dma-remap: separate DMA atomic pools from direct remap code (bsc#1175898, ECO-2743). - dm: Call proper helper to determine dax support (bsc#1177817). - dm/dax: Fix table reference counts (bsc#1178246). - docs: driver-api: remove a duplicated index entry (git-fixes). - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes). - EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1152489). - eeprom: at25: set minimum read/write access stride to 1 (git-fixes). - exfat: fix name_hash computation on big endian systems (git-fixes). - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes). - exfat: fix possible memory leak in exfat_find() (git-fixes). - exfat: fix use of uninitialized spinlock on error path (git-fixes). - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes). - exfat: fix wrong size update of stream entry by typo (git-fixes). - extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips (git-fixes). - futex: Adjust absolute futex timeouts with per time namespace offset (bsc#1164648). - futex: Consistently use fshared as boolean (bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1149032). - futex: Remove put_futex_key() (bsc#1149032). - futex: Remove unused or redundant includes (bsc#1149032). - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24). - gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11). - HID: hid-input: fix stylus battery reporting (git-fixes). - HID: ite: Add USB id match for Acer One S1003 keyboard dock (git-fixes). - HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes). - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs (git-fixes). - i2c: imx: Fix external abort on interrupt in exit paths (git-fixes). - i2c: rcar: Auto select RESET_CONTROLLER (git-fixes). - i3c: master add i3c_master_attach_boardinfo to preserve boardinfo (git-fixes). - i3c: master: Fix error return in cdns_i3c_master_probe() (git-fixes). - ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897). - ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes). - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes). - ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes). - ibmvnic: set up 200GBPS speed (bsc#1129923 git-fixes). - icmp: randomize the global rate limiter (git-fixes). - ida: Free allocated bitmap in error path (git-fixes). - iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes). - iio: adc: gyroadc: fix leak of device node iterator (git-fixes). - iio: adc: stm32-adc: fix runtime autosuspend delay when slow polling (git-fixes). - iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes). - iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes). - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes). - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes). - iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes). - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes). - ima: Do not ignore errors from crypto_shash_update() (git-fixes). - ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes). - Input: ati_remote2 - add missing newlines when printing module parameters (git-fixes). - Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes). - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes). - Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes). - Input: stmfts - fix a & vs && typo (git-fixes). - Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes). - Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes). - iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1177739). - ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24). - ipmi_si: Fix wrong return value in try_smi_init() (git-fixes). - ipv4: Initialize flowi4_multipath_hash in data path (networking-stable-20_09_24). - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes). - ipv4: Update exception handling for multipath routes via same device (networking-stable-20_09_24). - ipv6: avoid lockdep issue in fib6_del() (networking-stable-20_09_24). - ipv6: Fix sysctl max for fib_multipath_hash_policy (networking-stable-20_09_11). - ipvlan: fix device features (networking-stable-20_08_24). - iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes). - kABI: Fix kABI after add CodeSigning extended key usage (bsc#1177353). - kallsyms: Refactor kallsyms_show_value() to take cred (git-fixes). - kbuild: enforce -Werror=return-type (bsc#1177281). - KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (git-fixes). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - leds: mt6323: move period calculation (git-fixes). - libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178177). - lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes). - mac80211: handle lack of sband->bitrates in rates (git-fixes). - mailbox: avoid timer start from callback (git-fixes). - media: ati_remote: sanity check for both endpoints (git-fixes). - media: bdisp: Fix runtime PM imbalance on error (git-fixes). - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes). - media: exynos4-is: Fix a reference count leak (git-fixes). - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes). - media: firewire: fix memory leak (git-fixes). - media: i2c: ov5640: Enable data pins on poweron for DVP mode (git-fixes). - media: i2c: ov5640: Remain in power down for DVP mode unless streaming (git-fixes). - media: i2c: ov5640: Separate out mipi configuration from s_power (git-fixes). - media: imx274: fix frame interval handling (git-fixes). - media: media/pci: prevent memory leak in bttv_probe (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes). - media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes). - media: rcar_drif: Allocate v4l2_async_subdev dynamically (git-fixes). - media: rcar_drif: Fix fwnode reference leak when parsing DT (git-fixes). - media: saa7134: avoid a shift overflow (git-fixes). - media: st-delta: Fix reference count leak in delta_run_work (git-fixes). - media: sti: Fix reference count leaks (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes). - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes). - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes). - media: venus: core: Fix runtime PM imbalance in venus_probe (git-fixes). - media: vsp1: Fix runtime PM imbalance on error (git-fixes). - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes). - memory: omap-gpmc: Fix a couple off by ones (git-fixes). - memory: omap-gpmc: Fix build error without CONFIG_OF (git-fixes). - mfd: sm501: Fix leaks in probe() (git-fixes). - mic: vop: copy data to kernel space then write to io memory (git-fixes). - misc: mic: scif: Fix error handling path (git-fixes). - misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes). - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes). - mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes). - mm: do not panic when links can't be created in sysfs (bsc#1178002). - mm: do not rely on system state to detect hot-plug operations (bsc#1178002). - mm: fix a race during THP splitting (bsc#1178255). - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)). - mm: madvise: fix vma user-after-free (git-fixes). - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)). - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)). - mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)). - mm: replace memmap_context by meminit_context (bsc#1178002). - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)). - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes). - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)). - module: Correctly truncate sysfs sections output (git-fixes). - module: Do not expose section addresses to non-CAP_SYSLOG (git-fixes). - module: Refactor section attr into bin attribute (git-fixes). - module: statically initialize init section freeing data (git-fixes). - Move upstreamed BT patch into sorted section - mtd: lpddr: Fix bad logic in print_drs_error (git-fixes). - mtd: lpddr: fix excessive stack usage with clang (git-fixes). - mtd: mtdoops: Do not write panic data twice (git-fixes). - mtd: rawnand: stm32_fmc2: fix a buffer overflow (git-fixes). - mtd: rawnand: vf610: disable clk on error handling path in probe (git-fixes). - mtd: spinand: gigadevice: Add QE Bit (git-fixes). - mtd: spinand: gigadevice: Only one dummy byte in QUADIO (git-fixes). - mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes). - mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes). - mwifiex: fix double free (git-fixes). - mwifiex: remove function pointer check (git-fixes). - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes). - net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group under RCU (networking-stable-20_09_24). - net/core: check length before updating Ethertype in skb_mpls_{push,pop} (git-fixes). - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (networking-stable-20_09_24). - net: disable netpoll on fresh napis (networking-stable-20_09_11). - net: dsa: b53: check for timeout (networking-stable-20_08_24). - net: dsa: rtl8366: Properly clear member config (networking-stable-20_09_24). - net: fec: correct the error path for regulator disable in probe (networking-stable-20_08_24). - net: Fix bridge enslavement failure (networking-stable-20_09_24). - net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24). - net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11). - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24). - netlabel: fix problems with mapping removal (networking-stable-20_09_11). - net: lantiq: Disable IRQs only if NAPI gets scheduled (networking-stable-20_09_24). - net: lantiq: Use napi_complete_done() (networking-stable-20_09_24). - net: lantiq: use netif_tx_napi_add() for TX NAPI (networking-stable-20_09_24). - net: lantiq: Wake TX queue again (networking-stable-20_09_24). - net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported (networking-stable-20_09_24). - net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported (networking-stable-20_09_24). - net/mlx5: Fix FTE cleanup (networking-stable-20_09_24). - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461). - net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24). - net: phy: Do not warn in phy_stop() on PHY_DOWN (networking-stable-20_09_24). - net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24). - net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow (networking-stable-20_08_24). - net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant (networking-stable-20_09_24). - net: sctp: Fix negotiation of the number of data streams (networking-stable-20_08_24). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (networking-stable-20_08_24). - net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11). - net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11). - net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes). - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes). - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes). - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes). - nfp: use correct define to return NONE fec (networking-stable-20_09_24). - nl80211: fix non-split wiphy information (git-fixes). - NTB: hw: amd: fix an issue about leak system resources (git-fixes). - ntb: intel: Fix memleak in intel_ntb_pci_probe (git-fixes). - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748). - nvme-rdma: fix crash when connect rejected (bsc#1174748). - overflow: Include header file with SIZE_MAX declaration (git-fixes). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - PCI: aardvark: Check for errors from pci_bridge_emul_init() call (git-fixes). - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes). - percpu: fix first chunk size calculation for populated bitmap (git-fixes (mm/percpu)). - perf/x86/amd: Fix sampling Large Increment per Cycle events (bsc#1152489). - perf/x86: Fix n_pair for cancelled txn (bsc#1152489). - pinctrl: mcp23s08: Fix mcp23x17 precious range (git-fixes). - pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser (git-fixes). - PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification. - PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification (bsc#1177353). - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes). - PM: hibernate: Batch hibernate and resume IO requests (bsc#1178079). - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes). - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes). - powerpc/book3s64/radix: Make radix_mem_block_size 64bit (bsc#1055186 ltc#153436 git-fixes). - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729). - powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729). - powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729). - powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729). - powerpc/papr_scm: Fix warning triggered by perf_stats_show() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729). - powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729). - powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729). - powerpc/pseries: Avoid using addr_to_pfn in real mode (jsc#SLE-9246 git-fixes). - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes). - powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729). - power: supply: bq27xxx: report 'not charging' on all types (git-fixes). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - pwm: img: Fix null pointer access in probe (git-fixes). - pwm: lpss: Add range limit check for the base_unit register value (git-fixes). - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes). - qtnfmac: fix resource leaks on unsupported iftype error return path (git-fixes). - r8169: fix issue with forced threading in combination with shared interrupts (git-fixes). - r8169: fix operation under forced interrupt threading (git-fixes). - rapidio: fix the missed put_device() for rio_mport_add_riodev (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - reset: sti: reset-syscfg: fix struct description warnings (git-fixes). - ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes). - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - rtc: rx8010: do not modify the global rtc ops (git-fixes). - rtl8xxxu: prevent potential memory leak (git-fixes). - rtw88: increse the size of rx buffer size (git-fixes). - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177799 LTC#188733). - s390/dasd: Fix zero write for FBA devices (bsc#1177801 LTC#188735). - scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729). - scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226). - scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA allocations (bsc#1175898, ECO-2743). - sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11). - selftests/timers: Turn off timeout setting (git-fixes). - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - slimbus: core: check get_addr before removing laddr ida (git-fixes). - slimbus: core: do not enter to clock pause mode in core (git-fixes). - slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback (git-fixes). - soc: fsl: qbman: Fix return value on success (git-fixes). - spi: spi-s3c64xx: Check return values (git-fixes). - spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath() (git-fixes). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair 'fixed-link' support (git-fixes). - staging: rtl8192u: Do not use GFP_KERNEL in atomic context (git-fixes). - taprio: Fix allowing too small intervals (networking-stable-20_09_24). - time: Prevent undefined behaviour in timespec64_to_ns() (bsc#1164648). - tipc: fix memory leak caused by tipc_buf_append() (git-fixes). - tipc: Fix memory leak in tipc_group_create_member() (networking-stable-20_09_24). - tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11). - tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24). - tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes). - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24). - tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24). - tracing: Check return value of __create_val_fields() before using its result (git-fixes). - tracing: Save normal string variables (git-fixes). - tty: ipwireless: fix error handling (git-fixes). - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes). - uio: free uio id after uio file node is freed (git-fixes). - USB: adutux: fix debugging (git-fixes). - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes). - usb: cdc-acm: fix cooldown mechanism (git-fixes). - USB: cdc-acm: handle broken union descriptors (git-fixes). - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes). - usb: core: Solve race condition in anchor cleanup functions (git-fixes). - usb: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes). - usb: dwc2: Fix parameter type in function pointer prototype (git-fixes). - usb: dwc3: core: add phy cleanup for probe error handling (git-fixes). - usb: dwc3: core: do not trigger runtime pm when remove driver (git-fixes). - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes). - usb: dwc3: gadget: Resume pending requests after CLEAR_STALL (git-fixes). - usb: dwc3: pci: Allow Elkhart Lake to utilize DSM method for PM functionality (git-fixes). - usb: dwc3: simple: add support for Hikey 970 (git-fixes). - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes). - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes). - usb: gadget: function: printer: fix use-after-free in __lock_acquire (git-fixes). - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes). - usblp: fix race between disconnect() and read() (git-fixes). - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - usb: ohci: Default to per-port over-current protection (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - USB: serial: qcserial: fix altsetting probing (git-fixes). - usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - usb: xhci-mtk: Fix typo (git-fixes). - usb: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - VMCI: check return value of get_user_pages_fast() for errors (git-fixes). - w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes). - watchdog: Fix memleak in watchdog_cdev_register (git-fixes). - watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3 (git-fixes). - watchdog: Use put_device on error (git-fixes). - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1177755). - writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755). - writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755). - X.509: Add CodeSigning extended key usage parsing (bsc#1177353). - x86/alternative: Do not call text_poke() in lazy TLB mode (bsc#1175749). - x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1152489). - x86/ioapic: Unbreak check_timer() (bsc#1152489). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1177765). - x86/mm: unencrypted non-blocking DMA allocations use coherent pools (bsc#1175898, ECO-2743). - x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/gntdev.c: Mark pages as dirty (bsc#1065600). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pvcallsback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix high key handling in the rt allocator's query_range function (git-fixes). - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes). - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: force the log after remapping a synchronous-writes file (git-fixes). - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166). - xfs: limit entries returned when counting fsmap records (git-fixes). - xfs: remove unused variable 'done' (bsc#1166166). - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes). - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166). - xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes). Important SUSE bug 1055014 SUSE bug 1055186 SUSE bug 1061843 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066382 SUSE bug 1077428 SUSE bug 1129923 SUSE bug 1134760 SUSE bug 1149032 SUSE bug 1152489 SUSE bug 1163592 SUSE bug 1164648 SUSE bug 1166146 SUSE bug 1166166 SUSE bug 1167030 SUSE bug 1170415 SUSE bug 1174748 SUSE bug 1174969 SUSE bug 1175052 SUSE bug 1175306 SUSE bug 1175721 SUSE bug 1175749 SUSE bug 1175898 SUSE bug 1176354 SUSE bug 1176485 SUSE bug 1176713 SUSE bug 1177086 SUSE bug 1177281 SUSE bug 1177353 SUSE bug 1177410 SUSE bug 1177411 SUSE bug 1177470 SUSE bug 1177739 SUSE bug 1177749 SUSE bug 1177750 SUSE bug 1177754 SUSE bug 1177755 SUSE bug 1177765 SUSE bug 1177766 SUSE bug 1177799 SUSE bug 1177801 SUSE bug 1177814 SUSE bug 1177817 SUSE bug 1177854 SUSE bug 1177855 SUSE bug 1177856 SUSE bug 1177861 SUSE bug 1178002 SUSE bug 1178079 SUSE bug 1178123 SUSE bug 1178166 SUSE bug 1178173 SUSE bug 1178175 SUSE bug 1178176 SUSE bug 1178177 SUSE bug 1178183 SUSE bug 1178184 SUSE bug 1178185 SUSE bug 1178186 SUSE bug 1178190 SUSE bug 1178191 SUSE bug 1178246 SUSE bug 1178255 SUSE bug 1178307 SUSE bug 1178330 SUSE bug 1178393 SUSE bug 1178395 SUSE bug 1178461 SUSE bug 1178579 SUSE bug 1178581 SUSE bug 1178584 SUSE bug 1178585 CVE-2020-14351 CVE-2020-16120 CVE-2020-25285 CVE-2020-25656 CVE-2020-25668 CVE-2020-25704 CVE-2020-25705 CVE-2020-8694 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for zeromq fixes the following issues: - CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116). - Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256) - Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257) - Fixed memory leak when processing PUB messages with metadata (bsc#1176259) - Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1176116 SUSE bug 1176256 SUSE bug 1176257 SUSE bug 1176258 SUSE bug 1176259 CVE-2020-15166 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). - CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1160790 SUSE bug 1161088 SUSE bug 1161089 SUSE bug 1161670 CVE-2019-16785 CVE-2019-16786 CVE-2019-16789 CVE-2019-16792 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for SDL fixes the following issues: Security issue fixed: - CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1141844 CVE-2019-13616 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178588 CVE-2020-26950 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Update to 86.0.4240.198 (boo#1178703) - CVE-2020-16013: Inappropriate implementation in V8 - CVE-2020-16017: Use after free in site isolation Update to 86.0.4240.193 (boo#1178630) - CVE-2020-16016: Inappropriate implementation in base. Important SUSE bug 1178630 SUSE bug 1178703 CVE-2020-16013 CVE-2020-16016 CVE-2020-16017 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for raptor fixes the following issues: - Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178593 CVE-2017-18926 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: Opera was updated to version 72.0.3815.320 - CHR-8177 Update chromium on desktop-stable-86-3815 to 86.0.4240.183 - DNA-89748 ‘Manage Extensions’ dialog is displayed with preloaded extensions - DNA-89766 Address bar does not respond to actions - The update to chromium 86.0.4240.183 fixes following issues: CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16007, CVE-2020-16008, CVE-2020-16009, CVE-2020-16011 - Update to version 72.0.3815.200 - DNA-87150 Speed Dial tile can’t be dragged to proper place - DNA-89632 Improve hovering over icons - DNA-89647 [Light mode] Wrong URL color in ‘Add Site’ section - DNA-89791 Typo in Spanish - The update to chromium 86.0.4240.111 fixes following issues: CVE-2020-16000, CVE-2020-16001, CVE-2020-16002, CVE-2020-15999, CVE-2020-16003 - Complete Opera 72.0 changelog at: https://blogs.opera.com/desktop/changelog-for-72/ - Update to version 71.0.3770.271 - DNA-88353 Crash at opera::TabCyclerView::HighlightContents (content::WebContents*, bool) - DNA-89177 Device update request should only be called when FCM token has changed - DNA-89186 Handle device expired case in all server calls - DNA-89202 Pages are rendered in dark mode when force dark mode prefs were synced from Opera GX - DNA-89247 [Mac] Fullscreen video broken if sidebar is hidden - DNA-89298 Some elements of VPN popup are misaligned to design - DNA-89305 Crash after closing Downloads pop-up Important CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007 CVE-2020-16008 CVE-2020-16009 CVE-2020-16011 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gdm fixes the following issues: - Exit with failure if loading existing users fails (bsc#1178150 CVE-2020-16125). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1178150 CVE-2020-16125 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for kernel-firmware fixes the following issue: - CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1178671 CVE-2020-12321 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for moinmoin-wiki fixes the following issues: - update to version 1.9.11: CVE-2020-25074 (boo#1178744): fix remote code execution via cache action CVE-2020-15275 (boo#1178745): fix malicious SVG attachment causing stored XSS vulnerability Important SUSE bug 1178744 SUSE bug 1178745 CVE-2020-15275 CVE-2020-25074 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tor fixes the following issues: Updating tor to a newer version in the respective codestream. - tor 0.3.5.12: * Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741) * Not affected by out-of-bound memory access (CVE-2020-15572, boo#1173979) * Fix DoS defenses on bridges with a pluggable transport * CVE-2020-10592: CPU consumption DoS and timing patterns (boo#1167013) * CVE-2020-10593: circuit padding memory leak (boo#1167014) - tor 0.4.4.6 * Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741) * Fix a crash due to an out-of-bound memory access (CVE-2020-15572, boo#1173979) * Fix logrotate to not fail when tor is stopped (boo#1164275) Important SUSE bug 1164275 SUSE bug 1167013 SUSE bug 1167014 SUSE bug 1173979 SUSE bug 1178741 CVE-2020-10592 CVE-2020-10593 CVE-2020-15572 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tcpdump fixes the following issues: - CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1178466 CVE-2020-8037 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python fixes the following issues: - bsc#1177211 (CVE-2020-26116) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1177211 CVE-2020-26116 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for rmt-server fixes the following issues: Update to version 2.6.5: - Solved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one. - Add web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf. - Instead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name. - Fix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. Now, RMT makes HEAD requests to the repositories servers and inspect the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equalness of timestamps. - Fixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail. - Friendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits: * `rmt-cli mirror repositories` now works for custom repositories. * Custom repository IDs can be the same across RMT instances. * No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output. Deprecation Warnings: * RMT now uses a different ID for custom repositories than before. RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility. - Updated rails and puma dependencies for security fixes. This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1165548 SUSE bug 1168554 SUSE bug 1172177 SUSE bug 1172182 SUSE bug 1172184 SUSE bug 1172186 SUSE bug 1173351 CVE-2019-16770 CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 CVE-2020-11076 CVE-2020-11077 CVE-2020-15169 CVE-2020-5247 CVE-2020-5249 CVE-2020-5267 CVE-2020-8164 CVE-2020-8165 CVE-2020-8166 CVE-2020-8167 CVE-2020-8184 CVE-2020-8185 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.9-11 (October 2020 CPU, bsc#1177943) * New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector * Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8240124: Better VM Interning + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Other changes + JDK-6532025: GIF reader throws misleading exception with truncated images + JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/ /PDialogTest.java needs update by removing an infinite loop + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/ /Test8017492.java fails + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh failed + JDK-8134599: TEST_BUG: java/rmi/transport/closeServerSocket/ /CloseServerSocket.java fails intermittently with Address already in use + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8172404: Tools should warn if weak algorithms are used before restricting them + JDK-8193367: Annotated type variable bounds crash javac + JDK-8202117: com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset + JDK-8203026: java.rmi.NoSuchObjectException: no such object in table + JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called + JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout + JDK-8203928: [Test] Convert non-JDB scaffolding serviceability shell script tests to java + JDK-8204963: javax.swing.border.TitledBorder has a memory leak + JDK-8204994: SA might fail to attach to process with 'Windbg Error: WaitForEvent failed' + JDK-8205534: Remove SymbolTable dependency from serviceability agent + JDK-8206309: Tier1 SA tests fail + JDK-8208281: java/nio/channels/ /AsynchronousSocketChannel/Basic.java timed out + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version - step1 + JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect + JDK-8209342: Problemlist SA tests on Solaris due to Error attaching to process: Can't create thread_db agent! + JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version - step2 + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC + JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java + JDK-8210131: vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ /ap10t001/TestDescription.java failed with ObjectFree: GetCurrentThreadCpuTimerInfo returned unexpected error code + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version - step3 + JDK-8210527: JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack + JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds + JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version - step4 + JDK-8210977: jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject + JDK-8211292: [TEST] convert com/sun/jdi/DeferredStepTest.sh test + JDK-8211694: JShell: Redeclared variable should be reset + JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent + JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57) - unexpected. lastLine=52, minLine=52, maxLine=55 + JDK-8212807: tools/jar/multiRelease/Basic.java times out + JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent) + JDK-8213214: Set -Djava.io.tmpdir= when running tests + JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found + JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes + JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface + JDK-8214074: Ghash optimization using AVX instructions + JDK-8214491: Upgrade to JLine 3.9.0 + JDK-8214797: TestJmapCoreMetaspace.java timed out + JDK-8215243: JShell tests failing intermitently with 'Problem cleaning up the following threads:' + JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed + JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions) + JDK-8215438: jshell tool: Ctrl-D causes EOF + JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows + JDK-8216974: HttpConnection not returned to the pool after 204 response + JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time + JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs + JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs + JDK-8221658: aarch64: add necessary predicate for ubfx patterns + JDK-8221759: Crash when completing 'java.io.File.path' + JDK-8221918: runtime/SharedArchiveFile/serviceability/ /ReplaceCriticalClasses.java fails: Shared archive not found + JDK-8222074: Enhance auto vectorization for x86 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not rely on hostname command + JDK-8223688: JShell: crash on the instantiation of raw anonymous class + JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error + JDK-8223940: Private key not supported by chosen signature algorithm + JDK-8224184: jshell got IOException at exiting with AIX + JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc + JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException + JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions + JDK-8226536: Catch OOM from deopt that fails rematerializing objects + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8227059: sun/security/tools/keytool/ /DefaultSignatureAlgorithm.java timed out + JDK-8227269: Slow class loading when running with JDWP + JDK-8227595: keytool/fakegen/DefaultSignatureAlgorithm.java fails due to 'exitValue = 6' + JDK-8228448: Jconsole can't connect to itself + JDK-8228967: Trust/Key store and SSL context utilities for tests + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8229815: Upgrade Jline to 3.12.1 + JDK-8230000: some httpclients testng tests run zero test + JDK-8230002: javax/xml/jaxp/unittest/transform/ /SecureProcessingTest.java runs zero test + JDK-8230010: Remove jdk8037819/BasicTest1.java + JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter + JDK-8230402: Allocation of compile task fails with assert: 'Leaking compilation tasks?' + JDK-8230767: FlightRecorderListener returns null recording + JDK-8230870: (zipfs) Add a ZIP FS test that is similar to test/jdk/java/util/zip/EntryCount64k.java + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231586: enlarge encoding space for OopMapValue offsets + JDK-8231953: Wrong assumption in assertion in oop::register_oop + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232083: Minimal VM is broken after JDK-8231586 + JDK-8232161: Align some one-way conversion in MS950 charset with Windows + JDK-8232855: jshell missing word in /help help + JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration + JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR + JDK-8233386: Initialize NULL fields for unused decorations + JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result + JDK-8233686: XML transformer uses excessive amount of memory + JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions + JDK-8233829: javac cannot find non-ASCII module name under non-UTF8 environment + JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose + JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater() + JDK-8234058: runtime/CompressedOops/ /CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr + JDK-8234149: Several regression tests do not dispose Frame at end + JDK-8234347: 'Turkey' meta time zone does not generate composed localized names + JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/ /bug6980209.java fails in linux nightly + JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC + JDK-8234541: C1 emits an empty message when it inlines successfully + JDK-8234687: change javap reporting on unknown attributes + JDK-8236464: SO_LINGER option is ignored by SSLSocket in JDK 11 + JDK-8236548: Localized time zone name inconsistency between English and other locales + JDK-8236617: jtreg test containers/docker/ /TestMemoryAwareness.java fails after 8226575 + JDK-8237182: Update copyright header for shenandoah and epsilon files + JDK-8237888: security/infra/java/security/cert/ /CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval + JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java + JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response + JDK-8238284: [macos] Zero VM build fails due to an obvious typo + JDK-8238380: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code + JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() || ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete_methods())), 'should be non-static concrete method'); + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8240169: javadoc fails to link to non-modular api docs + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8240360: NativeLibraryEvent has wrong library name on Linux + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + JDK-8241065: Shenandoah: remove leftover code after JDK-8231086 + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows + JDK-8241130: com.sun.jndi.ldap.EventSupport.removeDeadNotifier: java.lang.NullPointerException + JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark + JDK-8241478: vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME + JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8242184: CRL generation error with RSASSA-PSS + JDK-8242283: Can't start JVM when java home path includes non-ASCII character + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8243029: Rewrite javax/net/ssl/compatibility/ /Compatibility.java with a flexible interop test framework + JDK-8243138: Enhance BaseLdapServer to support starttls extended request + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8243389: enhance os::pd_print_cpu_info on linux + JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment + JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows) + JDK-8244087: 2020-04-24 public suffix list update + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8244164: AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base + JDK-8244196: adjust output in os_linux + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8244287: JFR: Methods samples have line number 0 + JDK-8244703: 'platform encoding not initialized' exceptions with debugger, JNI + JDK-8244719: CTW: C2 compilation fails with 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed: remove node from hash table before modifying it' + JDK-8244729: Shenandoah: remove resolve paths from SBSA::generate_shenandoah_lrb + JDK-8244763: Update --release 8 symbol information after JSR 337 MR3 + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8245151: jarsigner should not raise duplicate warnings on verification + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9 + JDK-8245714: 'Bad graph detected in build_loop_late' when loads are pinned on loop limit check uncommon branch + JDK-8245801: StressRecompilation triggers assert 'redundunt OSR recompilation detected. memory leak in CodeCache!' + JDK-8245832: JDK build make-static-libs should build all JDK libraries + JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan + JDK-8245981: Upgrade to jQuery 3.5.1 + JDK-8246027: Minimal fastdebug build broken after JDK-8245801 + JDK-8246094: [macos] Sound Recording and playback is not working + JDK-8246153: TestEliminateArrayCopy fails with -XX:+StressReflectiveCode + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ + JDK-8246196: javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError + JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN + JDK-8246330: Add TLS Tests for Legacy ECDSA curves + JDK-8246453: TestClone crashes with 'all collected exceptions must come from the same place' + JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods + JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node + JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code + JDK-8247615: Initialize the bytes left for the heap sampler + JDK-8247824: CTW: C2 (Shenandoah) compilation fails with SEGV in SBC2Support::pin_and_expand + JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&' + JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield + JDK-8248348: Regression caused by the update to BCEL 6.0 + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1 + JDK-8248495: [macos] zerovm is broken due to libffi headers location + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8248987: AOT's Linker.java seems to eagerly fail-fast on Windows + JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650 + JDK-8249215: JFrame::setVisible crashed with -Dfile.encoding=UTF-8 on Japanese Windows. + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel + JDK-8249255: Build fails if source code in cygwin home dir + JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11 + JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList + JDK-8249560: Shenandoah: Fix racy GC request handling + JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets + JDK-8250609: C2 crash in IfNode::fold_compares + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java + JDK-8250787: Provider.put no longer registering aliases in FIPS env + JDK-8250826: jhsdb does not work with coredump which comes from Substrate VM + JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk + JDK-8250844: Make sure {type,obj}ArrayOopDesc accessors check the bounds + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure + JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase + JDK-8252120: compiler/oracle/TestCompileCommand.java misspells 'occured' + JDK-8252157: JDK-8231209 11u backport breaks jmm binary compatibility + JDK-8252258: [11u] JDK-8242154 changes the default vendor + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011 + JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11 + JDK-8253283: [11u] Test build/translations/ /VerifyTranslations.java failing after JDK-8252258 + JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes + Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk 11.0.9 This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1177943 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for blueman fixes the following issues: - Update to version 2.1.4 * CVE-2020-15238: Fixed a local denial-of-service in the D-Bus interface (boo#1178196) Moderate SUSE bug 1178196 CVE-2020-15238 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for rclone fixes the following issues: rclone was updated to version 1.53.3: * Bug Fixes - Fix incorrect use of math/rand instead of crypto/rand CVE-2020-28924 boo#1179005 (Nick Craig-Wood) - Check https://github.com/rclone/passwordcheck for a tool check for weak passwords generated by rclone * VFS - Fix vfs/refresh calls with fs= parameter (Nick Craig-Wood) * Sharefile - Fix backend due to API swapping integers for strings (Nick Craig-Wood) Update to 1.53.2: * Bug Fixes - accounting + Fix incorrect speed and transferTime in core/stats (Nick Craig-Wood) + Stabilize display order of transfers on Windows (Nick Craig-Wood) - operations + Fix use of --suffix without --backup-dir (Nick Craig-Wood) + Fix spurious '--checksum is in use but the source and destination have no hashes in common' (Nick Craig-Wood) - build + Work around GitHub actions brew problem (Nick Craig-Wood) + Stop using set-env and set-path in the GitHub actions (Nick Craig-Wood) * Mount - mount2: Fix the swapped UID / GID values (Russell Cattelan) * VFS - Detect and recover from a file being removed externally from the cache (Nick Craig-Wood) - Fix a deadlock vulnerability in downloaders.Close (Leo Luan) - Fix a race condition in retryFailedResets (Leo Luan) - Fix missed concurrency control between some item operations and reset (Leo Luan) - Add exponential backoff during ENOSPC retries (Leo Luan) - Add a missed update of used cache space (Leo Luan) - Fix --no-modtime to not attempt to set modtimes (as documented) (Nick Craig-Wood) * Local - Fix sizes and syncing with --links option on Windows (Nick Craig-Wood) * Chunker - Disable ListR to fix missing files on GDrive (workaround) (Ivan Andreev) - Fix upload over crypt (Ivan Andreev) * Fichier - Increase maximum file size from 100GB to 300GB (gyutw) * Jottacloud - Remove clientSecret from config when upgrading to token based authentication (buengese) - Avoid double url escaping of device/mountpoint (albertony) - Remove DirMove workaround as it's not required anymore - also (buengese) * Mailru - Fix uploads after recent changes on server (Ivan Andreev) - Fix range requests after june changes on server (Ivan Andreev) - Fix invalid timestamp on corrupted files (fixes) (Ivan Andreev) * Onedrive - Fix disk usage for sharepoint (Nick Craig-Wood) * S3 - Add missing regions for AWS (Anagh Kumar Baranwal) * Seafile - Fix accessing libraries > 2GB on 32 bit systems (Muffin King) * SFTP - Always convert the checksum to lower case (buengese) * Union - Create root directories if none exist (Nick Craig-Wood) Update to version 1.53.1: * Bug Fixes - accounting: Remove new line from end of --stats-one-line display * VFS - Fix spurious error 'vfs cache: failed to _ensure cache EOF' - Log an ERROR if we fail to set the file to be sparse * Local - Log an ERROR if we fail to set the file to be sparse * Drive - Re-adds special oauth help text * Opendrive - Do not retry 400 errors Update to version 1.53.0 * New Features - The VFS layer was heavily reworked for this release - see below for more details - Interactive mode -i/--interactive for destructive operations (fishbullet) - Add --bwlimit-file flag to limit speeds of individual file transfers (Nick Craig-Wood) - Transfers are sorted by start time in the stats and progress output (Max Sum) - Make sure backends expand ~ and environment vars in file names they use (Nick Craig-Wood) - Add --refresh-times flag to set modtimes on hashless backends (Nick Craig-Wood) - rclone check + Add reporting of filenames for same/missing/changed (Nick Craig-Wood) + Make check command obey --dry-run/-i/--interactive (Nick Craig-Wood) + Make check do --checkers files concurrently (Nick Craig-Wood) + Retry downloads if they fail when using the --download flag (Nick Craig-Wood) + Make it show stats by default (Nick Craig-Wood) - rclone config + Set RCLONE_CONFIG_DIR for use in config files and subprocesses (Nick Craig-Wood) + Reject remote names starting with a dash. (jtagcat) - rclone cryptcheck: Add reporting of filenames for same/missing/changed (Nick Craig-Wood) - rclone dedupe: Make it obey the --size-only flag for duplicate detection (Nick Craig-Wood) - rclone link: Add --expire and --unlink flags (Roman Kredentser) - rclone mkdir: Warn when using mkdir on remotes which can't have empty directories (Nick Craig-Wood) - rclone rc: Allow JSON parameters to simplify command line usage (Nick Craig-Wood) - rclone serve ftp + Don't compile on < go1.13 after dependency update (Nick Craig-Wood) + Add error message if auth proxy fails (Nick Craig-Wood) + Use refactored goftp.io/server library for binary shrink (Nick Craig-Wood) - rclone serve restic: Expose interfaces so that rclone can be used as a library from within restic (Jack) - rclone sync: Add --track-renames-strategy leaf (Nick Craig-Wood) - rclone touch: Add ability to set nanosecond resolution times (Nick Craig-Wood) - rclone tree: Remove -i shorthand for --noindent as it conflicts with -i/--interactive (Nick Craig-Wood) * Bug Fixes * Mount - rc interface + Add call for unmount all (Chaitanya Bankanhal) + Make mount/mount remote control take vfsOpt option (Nick Craig-Wood) + Add mountOpt to mount/mount (Nick Craig-Wood) + Add VFS and Mount options to mount/listmounts (Nick Craig-Wood) - Catch panics in cgofuse initialization and turn into error messages (Nick Craig-Wood) - Always supply stat information in Readdir (Nick Craig-Wood) - Add support for reading unknown length files using direct IO (Windows) (Nick Craig-Wood) - Fix On Windows don't add -o uid/gid=-1 if user supplies -o uid/gid. (Nick Craig-Wood) - Fix volume name broken in recent refactor (Nick Craig-Wood) * VFS - Implement partial reads for --vfs-cache-mode full (Nick Craig-Wood) - Add --vfs-writeback option to delay writes back to cloud storage (Nick Craig-Wood) - Add --vfs-read-ahead parameter for use with --vfs-cache-mode full (Nick Craig-Wood) - Restart pending uploads on restart of the cache (Nick Craig-Wood) - Support synchronous cache space recovery upon ENOSPC (Leo Luan) - Allow ReadAt and WriteAt to run concurrently with themselves (Nick Craig-Wood) - Change modtime of file before upload to current (Rob Calistri) - Recommend --vfs-cache-modes writes on backends which can't stream (Nick Craig-Wood) - Add an optional fs parameter to vfs rc methods (Nick Craig-Wood) - Fix errors when using > 260 char files in the cache in Windows (Nick Craig-Wood) - Fix renaming of items while they are being uploaded (Nick Craig-Wood) - Fix very high load caused by slow directory listings (Nick Craig-Wood) - Fix renamed files not being uploaded with --vfs-cache-mode minimal (Nick Craig-Wood) - Fix directory locking caused by slow directory listings (Nick Craig-Wood) - Fix saving from chrome without --vfs-cache-mode writes (Nick Craig-Wood) * Crypt Add --crypt-server-side-across-configs flag (Nick Craig-Wood) Make any created backends be cached to fix rc problems (Nick Craig-Wood) * Azure Blob Don't compile on < go1.13 after dependency update (Nick Craig-Wood) * B2 Implement server side copy for files > 5GB (Nick Craig-Wood) Cancel in progress multipart uploads and copies on rclone exit (Nick Craig-Wood) Note that b2's encoding now allows \ but rclone's hasn't changed (Nick Craig-Wood) Fix transfers when using download_url (Nick Craig-Wood) * Box - Implement rclone cleanup (buengese) - Cancel in progress multipart uploads and copies on rclone exit (Nick Craig-Wood) - Allow authentication with access token (David) * Chunker - Make any created backends be cached to fix rc problems (Nick Craig-Wood) * Drive - Add rclone backend drives to list shared drives (teamdrives) (Nick Craig-Wood) - Implement rclone backend untrash (Nick Craig-Wood) - Work around drive bug which didn't set modtime of copied docs (Nick Craig-Wood) - Added --drive-starred-only to only show starred files (Jay McEntire) - Deprecate --drive-alternate-export as it is no longer needed (themylogin) - Fix duplication of Google docs on server side copy (Nick Craig-Wood) - Fix 'panic: send on closed channel' when recycling dir entries (Nick Craig-Wood) * Dropbox - Add copyright detector info in limitations section in the docs (Alex Guerrero) - Fix rclone link by removing expires parameter (Nick Craig-Wood) * Fichier - Detect Flood detected: IP Locked error and sleep for 30s (Nick Craig-Wood) * FTP - Add explicit TLS support (Heiko Bornholdt) - Add support for --dump bodies and --dump auth for debugging (Nick Craig-Wood) - Fix interoperation with pure-ftpd (Nick Craig-Wood) * Google Cloud Storage - Add support for anonymous access (Kai L?ke) * Jottacloud - Bring back legacy authentification for use with whitelabel versions (buengese) - Switch to new api root - also implement a very ugly workaround for the DirMove failures (buengese) * Onedrive - Rework cancel of multipart uploads on rclone exit (Nick Craig-Wood) - Implement rclone cleanup (Nick Craig-Wood) - Add --onedrive-no-versions flag to remove old versions (Nick Craig-Wood) * Pcloud - Implement rclone link for public link creation (buengese) * Qingstor - Cancel in progress multipart uploads on rclone exit (Nick Craig-Wood) * S3 - Preserve metadata when doing multipart copy (Nick Craig-Wood) - Cancel in progress multipart uploads and copies on rclone exit (Nick Craig-Wood) - Add rclone link for public link sharing (Roman Kredentser) - Add rclone backend restore command to restore objects from GLACIER (Nick Craig-Wood) - Add rclone cleanup and rclone backend cleanup to clean unfinished multipart uploads (Nick Craig-Wood) - Add rclone backend list-multipart-uploads to list unfinished multipart uploads (Nick Craig-Wood) - Add --s3-max-upload-parts support (Kamil Trzciński) - Add --s3-no-check-bucket for minimising rclone transactions and perms (Nick Craig-Wood) - Add --s3-profile and --s3-shared-credentials-file options (Nick Craig-Wood) - Use regional s3 us-east-1 endpoint (David) - Add Scaleway provider (Vincent Feltz) - Update IBM COS endpoints (Egor Margineanu) - Reduce the default --s3-copy-cutoff to < 5GB for Backblaze S3 compatibility (Nick Craig-Wood) - Fix detection of bucket existing (Nick Craig-Wood) * SFTP - Use the absolute path instead of the relative path for listing for improved compatibility (Nick Craig-Wood) - Add --sftp-subsystem and --sftp-server-command options (aus) * Swift - Fix dangling large objects breaking the listing (Nick Craig-Wood) - Fix purge not deleting directory markers (Nick Craig-Wood) - Fix update multipart object removing all of its own parts (Nick Craig-Wood) - Fix missing hash from object returned from upload (Nick Craig-Wood) * Tardigrade - Upgrade to uplink v1.2.0 (Kaloyan Raev) * Union - Fix writing with the all policy (Nick Craig-Wood) * WebDAV - Fix directory creation with 4shared (Nick Craig-Wood) - Update to version 1.52.3 * Bug Fixes - docs + Disable smart typography (eg en-dash) in MANUAL.* and man page (Nick Craig-Wood) + Update install.md to reflect minimum Go version (Evan Harris) + Update install from source instructions (Nick Craig-Wood) + make_manual: Support SOURCE_DATE_EPOCH (Morten Linderud) - log: Fix --use-json-log going to stderr not --log-file on Windows (Nick Craig-Wood) - serve dlna: Fix file list on Samsung Series 6+ TVs (Matteo Pietro Dazzi) - sync: Fix deadlock with --track-renames-strategy modtime (Nick Craig-Wood) * Cache - Fix moveto/copyto remote:file remote:file2 (Nick Craig-Wood) * Drive - Stop using root_folder_id as a cache (Nick Craig-Wood) - Make dangling shortcuts appear in listings (Nick Craig-Wood) - Drop 'Disabling ListR' messages down to debug (Nick Craig-Wood) - Workaround and policy for Google Drive API (Dmitry Ustalov) * FTP - Add note to docs about home vs root directory selection (Nick Craig-Wood) * Onedrive - Fix reverting to Copy when Move would have worked (Nick Craig-Wood) - Avoid comma rendered in URL in onedrive.md (Kevin) * Pcloud - Fix oauth on European region 'eapi.pcloud.com' (Nick Craig-Wood) * S3 - Fix bucket Region auto detection when Region unset in config (Nick Craig-Wood) - Update to version 1.52.2 * Bug Fixes - build + Fix docker release build action (Nick Craig-Wood) + Fix custom timezone in Docker image (NoLooseEnds) - check: Fix misleading message which printed errors instead of differences (Nick Craig-Wood) - errors: Add WSAECONNREFUSED and more to the list of retriable Windows errors (Nick Craig-Wood) - rcd: Fix incorrect prometheus metrics (Gary Kim) - serve restic: Fix flags so they use environment variables (Nick Craig-Wood) - serve webdav: Fix flags so they use environment variables (Nick Craig-Wood) - sync: Fix --track-renames-strategy modtime (Nick Craig-Wood) * Drive - Fix not being able to delete a directory with a trashed shortcut (Nick Craig-Wood) - Fix creating a directory inside a shortcut (Nick Craig-Wood) - Fix --drive-impersonate with cached root_folder_id (Nick Craig-Wood) * SFTP - Fix SSH key PEM loading (Zac Rubin) * Swift - Speed up deletes by not retrying segment container deletes (Nick Craig-Wood) * Tardigrade - Upgrade to uplink v1.1.1 (Caleb Case) * WebDAV - Fix free/used display for rclone about/df for certain backends (Nick Craig-Wood) - Update to version 1.52.1 * VFS - Fix OS vs Unix path confusion - fixes ChangeNotify on Windows (Nick Craig-Wood) * Drive - Fix missing items when listing using --fast-list / ListR (Nick Craig-Wood) * Putio - Fix panic on Object.Open (Cenk Alti) * S3 - Fix upload of single files into buckets without create permission (Nick Craig-Wood) - Fix --header-upload (Nick Craig-Wood) * Tardigrade - Fix listing bug by upgrading to v1.0.7 - Set UserAgent to rclone (Caleb Case) - Update to version 1.52.0 * New backends - Tardigrade backend for use with storj.io (Caleb Case) - Union re-write to have multiple writable remotes (Max Sum) - Seafile for Seafile server (Fred @creativeprojects) * New commands - backend: command for backend specific commands (see backends) (Nick Craig-Wood) - cachestats: Deprecate in favour of rclone backend stats cache: (Nick Craig-Wood) - dbhashsum: Deprecate in favour of rclone hashsum DropboxHash (Nick Craig-Wood) * New Features - Add --header-download and --header-upload flags for setting HTTP headers when uploading/downloading (Tim Gallant) - Add --header flag to add HTTP headers to every HTTP transaction (Nick Craig-Wood) - Add --check-first to do all checking before starting transfers (Nick Craig-Wood) - Add --track-renames-strategy for configurable matching criteria for --track-renames (Bernd Schoolmann) - Add --cutoff-mode hard,soft,catious (Shing Kit Chan & Franklyn Tackitt) - Filter flags (eg --files-from -) can read from stdin (fishbullet) - Add --error-on-no-transfer option (Jon Fautley) - Implement --order-by xxx,mixed for copying some small and some big files (Nick Craig-Wood) - Allow --max-backlog to be negative meaning as large as possible (Nick Craig-Wood) - Added --no-unicode-normalization flag to allow Unicode filenames to remain unique (Ben Zenker) - Allow --min-age/--max-age to take a date as well as a duration (Nick Craig-Wood) - Add rename statistics for file and directory renames (Nick Craig-Wood) - Add statistics output to JSON log (reddi) - Make stats be printed on non-zero exit code (Nick Craig-Wood) - When running --password-command allow use of stdin (S?bastien Gross) - Stop empty strings being a valid remote path (Nick Craig-Wood) - accounting: support WriterTo for less memory copying (Nick Craig-Wood) - build + Update to use go1.14 for the build (Nick Craig-Wood) + Add -trimpath to release build for reproduceable builds (Nick Craig-Wood) + Remove GOOS and GOARCH from Dockerfile (Brandon Philips) - config + Fsync the config file after writing to save more reliably (Nick Craig-Wood) + Add --obscure and --no-obscure flags to config create/update (Nick Craig-Wood) + Make config show take remote: as well as remote (Nick Craig-Wood) - copyurl: Add --no-clobber flag (Denis) - delete: Added --rmdirs flag to delete directories as well (Kush) - filter: Added --files-from-raw flag (Ankur Gupta) - genautocomplete: Add support for fish shell (Matan Rosenberg) - log: Add support for syslog LOCAL facilities (Patryk Jakuszew) - lsjson: Add --hash-type parameter and use it in lsf to speed up hashing (Nick Craig-Wood) - rc + Add -o/--opt and -a/--arg for more structured input (Nick Craig-Wood) + Implement backend/command for running backend specific commands remotely (Nick Craig-Wood) + Add mount/mount command for starting rclone mount via the API (Chaitanya) - rcd: Add Prometheus metrics support (Gary Kim) - serve http + Added a --template flag for user defined markup (calistri) + Add Last-Modified headers to files and directories (Nick Craig-Wood) - serve sftp: Add support for multiple host keys by repeating --key flag (Maxime Suret) - touch: Add --localtime flag to make --timestamp localtime not UTC (Nick Craig-Wood) * Bug Fixes - accounting + Restore 'Max number of stats groups reached' log line (Michał Matczuk) + Correct exitcode on Transfer Limit Exceeded flag. (Anuar Serdaliyev) + Reset bytes read during copy retry (Ankur Gupta) + Fix race clearing stats (Nick Craig-Wood) - copy: Only create empty directories when they don't exist on the remote (Ishuah Kariuki) - dedupe: Stop dedupe deleting files with identical IDs (Nick Craig-Wood) - oauth + Use custom http client so that --no-check-certificate is honored by oauth token fetch (Mark Spieth) + Replace deprecated oauth2.NoContext (Lars Lehtonen) - operations + Fix setting the timestamp on Windows for multithread copy (Nick Craig-Wood) + Make rcat obey --ignore-checksum (Nick Craig-Wood) + Make --max-transfer more accurate (Nick Craig-Wood) - rc + Fix dropped error (Lars Lehtonen) + Fix misplaced http server config (Xiaoxing Ye) + Disable duplicate log (ElonH) - serve dlna + Cds: don't specify childCount at all when unknown (Dan Walters) + Cds: use modification time as date in dlna metadata (Dan Walters) - serve restic: Fix tests after restic project removed vendoring (Nick Craig-Wood) - sync + Fix incorrect 'nothing to transfer' message using --delete-before (Nick Craig-Wood) + Only create empty directories when they don't exist on the remote (Ishuah Kariuki) * Mount - Add --async-read flag to disable asynchronous reads (Nick Craig-Wood) - Ignore --allow-root flag with a warning as it has been removed upstream (Nick Craig-Wood) - Warn if --allow-non-empty used on Windows and clarify docs (Nick Craig-Wood) - Constrain to go1.13 or above otherwise bazil.org/fuse fails to compile (Nick Craig-Wood) - Fix fail because of too long volume name (evileye) - Report 1PB free for unknown disk sizes (Nick Craig-Wood) - Map more rclone errors into file systems errors (Nick Craig-Wood) - Fix disappearing cwd problem (Nick Craig-Wood) - Use ReaddirPlus on Windows to improve directory listing performance (Nick Craig-Wood) - Send a hint as to whether the filesystem is case insensitive or not (Nick Craig-Wood) - Add rc command mount/types (Nick Craig-Wood) - Change maximum leaf name length to 1024 bytes (Nick Craig-Wood) * VFS - Add --vfs-read-wait and --vfs-write-wait flags to control time waiting for a sequential read/write (Nick Craig-Wood) - Change default --vfs-read-wait to 20ms (it was 5ms and not configurable) (Nick Craig-Wood) - Make df output more consistent on a rclone mount. (Yves G) - Report 1PB free for unknown disk sizes (Nick Craig-Wood) - Fix race condition caused by unlocked reading of Dir.path (Nick Craig-Wood) - Make File lock and Dir lock not overlap to avoid deadlock (Nick Craig-Wood) - Implement lock ordering between File and Dir to eliminate deadlocks (Nick Craig-Wood) - Factor the vfs cache into its own package (Nick Craig-Wood) - Pin the Fs in use in the Fs cache (Nick Craig-Wood) - Add SetSys() methods to Node to allow caching stuff on a node (Nick Craig-Wood) - Ignore file not found errors from Hash in Read.Release (Nick Craig-Wood) - Fix hang in read wait code (Nick Craig-Wood) * Local - Speed up multi thread downloads by using sparse files on Windows (Nick Craig-Wood) - Implement --local-no-sparse flag for disabling sparse files (Nick Craig-Wood) - Implement rclone backend noop for testing purposes (Nick Craig-Wood) - Fix 'file not found' errors on post transfer Hash calculation (Nick Craig-Wood) * Cache - Implement rclone backend stats command (Nick Craig-Wood) - Fix Server Side Copy with Temp Upload (Brandon McNama) - Remove Unused Functions (Lars Lehtonen) - Disable race tests until bbolt is fixed (Nick Craig-Wood) - Move methods used for testing into test file (greatroar) - Add Pin and Unpin and canonicalised lookup (Nick Craig-Wood) - Use proper import path go.etcd.io/bbolt (Robert-Andr? Mauchin) * Crypt - Calculate hashes for uploads from local disk (Nick Craig-Wood) + This allows crypted Jottacloud uploads without using local disk + This means crypted s3/b2 uploads will now have hashes - Added rclone backend decode/encode commands to replicate functionality of cryptdecode (Anagh Kumar Baranwal) - Get rid of the unused Cipher interface as it obfuscated the code (Nick Craig-Wood) * Azure Blob - Implement streaming of unknown sized files so rcat is now supported (Nick Craig-Wood) - Implement memory pooling to control memory use (Nick Craig-Wood) - Add --azureblob-disable-checksum flag (Nick Craig-Wood) - Retry InvalidBlobOrBlock error as it may indicate block concurrency problems (Nick Craig-Wood) - Remove unused Object.parseTimeString() (Lars Lehtonen) - Fix permission error on SAS URL limited to container (Nick Craig-Wood) * B2 - Add support for --header-upload and --header-download (Tim Gallant) - Ignore directory markers at the root also (Nick Craig-Wood) - Force the case of the SHA1 to lowercase (Nick Craig-Wood) - Remove unused largeUpload.clearUploadURL() (Lars Lehtonen) * Box - Add support for --header-upload and --header-download (Tim Gallant) - Implement About to read size used (Nick Craig-Wood) - Add token renew function for jwt auth (David Bramwell) - Added support for interchangeable root folder for Box backend (Sunil Patra) - Remove unnecessary iat from jws claims (David) * Drive - Follow shortcuts by default, skip with --drive-skip-shortcuts (Nick Craig-Wood) - Implement rclone backend shortcut command for creating shortcuts (Nick Craig-Wood) - Added rclone backend command to change service_account_file and chunk_size (Anagh Kumar Baranwal) - Fix missing files when using --fast-list and --drive-shared-with-me (Nick Craig-Wood) - Fix duplicate items when using --drive-shared-with-me (Nick Craig-Wood) - Extend --drive-stop-on-upload-limit to respond to teamDriveFileLimitExceeded. (harry) - Don't delete files with multiple parents to avoid data loss (Nick Craig-Wood) - Server side copy docs use default description if empty (Nick Craig-Wood) * Dropbox - Make error insufficient space to be fatal (harry) - Add info about required redirect url (Elan Ruusam?e) * Fichier - Add support for --header-upload and --header-download (Tim Gallant) - Implement custom pacer to deal with the new rate limiting (buengese) * FTP - Fix lockup when using concurrency limit on failed connections (Nick Craig-Wood) - Fix lockup on failed upload when using concurrency limit (Nick Craig-Wood) - Fix lockup on Close failures when using concurrency limit (Nick Craig-Wood) - Work around pureftp sending spurious 150 messages (Nick Craig-Wood) * Google Cloud Storage - Add support for --header-upload and --header-download (Nick Craig-Wood) - Add ARCHIVE storage class to help (Adam Stroud) - Ignore directory markers at the root (Nick Craig-Wood) * Googlephotos - Make the start year configurable (Daven) - Add support for --header-upload and --header-download (Tim Gallant) - Create feature/favorites directory (Brandon Philips) - Fix 'concurrent map write' error (Nick Craig-Wood) - Don't put an image in error message (Nick Craig-Wood) * HTTP - Improved directory listing with new template from Caddy project (calisro) * Jottacloud - Implement --jottacloud-trashed-only (buengese) - Add support for --header-upload and --header-download (Tim Gallant) - Use RawURLEncoding when decoding base64 encoded login token (buengese) - Implement cleanup (buengese) - Update docs regarding cleanup, removed remains from old auth, and added warning about special mountpoints. (albertony) * Mailru - Describe 2FA requirements (valery1707) * Onedrive - Implement --onedrive-server-side-across-configs (Nick Craig-Wood) - Add support for --header-upload and --header-download (Tim Gallant) - Fix occasional 416 errors on multipart uploads (Nick Craig-Wood) - Added maximum chunk size limit warning in the docs (Harry) - Fix missing drive on config (Nick Craig-Wood) - Make error quotaLimitReached to be fatal (harry) * Opendrive - Add support for --header-upload and --header-download (Tim Gallant) * Pcloud - Added support for interchangeable root folder for pCloud backend (Sunil Patra) - Add support for --header-upload and --header-download (Tim Gallant) - Fix initial config 'Auth state doesn't match' message (Nick Craig-Wood) * Premiumizeme - Add support for --header-upload and --header-download (Tim Gallant) - Prune unused functions (Lars Lehtonen) * Putio - Add support for --header-upload and --header-download (Nick Craig-Wood) - Make downloading files use the rclone http Client (Nick Craig-Wood) - Fix parsing of remotes with leading and trailing / (Nick Craig-Wood) * Qingstor - Make rclone cleanup remove pending multipart uploads older than 24h (Nick Craig-Wood) - Try harder to cancel failed multipart uploads (Nick Craig-Wood) - Prune multiUploader.list() (Lars Lehtonen) - Lint fix (Lars Lehtonen) * S3 - Add support for --header-upload and --header-download (Tim Gallant) - Use memory pool for buffer allocations (Maciej Zimnoch) - Add SSE-C support for AWS, Ceph, and MinIO (Jack Anderson) - Fail fast multipart upload (Michał Matczuk) - Report errors on bucket creation (mkdir) correctly (Nick Craig-Wood) - Specify that Minio supports URL encoding in listings (Nick Craig-Wood) - Added 500 as retryErrorCode (Michał Matczuk) - Use --low-level-retries as the number of SDK retries (Aleksandar Janković) - Fix multipart abort context (Aleksandar Jankovic) - Replace deprecated session.New() with session.NewSession() (Lars Lehtonen) - Use the provided size parameter when allocating a new memory pool (Joachim Brandon LeBlanc) - Use rclone's low level retries instead of AWS SDK to fix listing retries (Nick Craig-Wood) - Ignore directory markers at the root also (Nick Craig-Wood) - Use single memory pool (Michał Matczuk) - Do not resize buf on put to memBuf (Michał Matczuk) - Improve docs for --s3-disable-checksum (Nick Craig-Wood) - Don't leak memory or tokens in edge cases for multipart upload (Nick Craig-Wood) * Seafile - Implement 2FA (Fred) * SFTP - Added --sftp-pem-key to support inline key files (calisro) - Fix post transfer copies failing with 0 size when using set_modtime=false (Nick Craig-Wood) * Sharefile - Add support for --header-upload and --header-download (Tim Gallant) * Sugarsync - Add support for --header-upload and --header-download (Tim Gallant) * Swift - Add support for --header-upload and --header-download (Nick Craig-Wood) - Fix cosmetic issue in error message (Martin Michlmayr) * Union - Implement multiple writable remotes (Max Sum) - Fix server-side copy (Max Sum) - Implement ListR (Max Sum) - Enable ListR when upstreams contain local (Max Sum) * WebDAV - Add support for --header-upload and --header-download (Tim Gallant) - Fix X-OC-Mtime header for Transip compatibility (Nick Craig-Wood) - Report full and consistent usage with about (Yves G) * Yandex - Add support for --header-upload and --header-download (Tim Gallant) Moderate SUSE bug 1179005 CVE-2020-28924 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591). Non-security issues fixed: - Updated to Xen 4.13.2 bug fix release (bsc#1027519). - Fixed a panic during MSI cleanup on AMD hardware (bsc#1027519). - Adjusted help for --max_iters, default is 5 (bsc#1177950). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1027519 SUSE bug 1177950 SUSE bug 1178591 CVE-2020-28368 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for postgresql12 fixes the following issues: - Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for postgresql10 fixes the following issues: - Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178824 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: - Update to 87.0.4280.66 (boo#1178923) - Wayland support by default - CVE-2020-16018: Use after free in payments. - CVE-2020-16019: Inappropriate implementation in filesystem. - CVE-2020-16020: Inappropriate implementation in cryptohome. - CVE-2020-16021: Race in ImageBurner. - CVE-2020-16022: Insufficient policy enforcement in networking. - CVE-2020-16015: Insufficient data validation in WASM. R - CVE-2020-16014: Use after free in PPAPI. - CVE-2020-16023: Use after free in WebCodecs. - CVE-2020-16024: Heap buffer overflow in UI. - CVE-2020-16025: Heap buffer overflow in clipboard. - CVE-2020-16026: Use after free in WebRTC. - CVE-2020-16027: Insufficient policy enforcement in developer tools. R - CVE-2020-16028: Heap buffer overflow in WebRTC. - CVE-2020-16029: Inappropriate implementation in PDFium. - CVE-2020-16030: Insufficient data validation in Blink. - CVE-2019-8075: Insufficient data validation in Flash. - CVE-2020-16031: Incorrect security UI in tab preview. - CVE-2020-16032: Incorrect security UI in sharing. - CVE-2020-16033: Incorrect security UI in WebUSB. - CVE-2020-16034: Inappropriate implementation in WebRTC. - CVE-2020-16035: Insufficient data validation in cros-disks. - CVE-2020-16012: Side-channel information leakage in graphics. - CVE-2020-16036: Inappropriate implementation in cookies. Important SUSE bug 1178923 CVE-2019-8075 CVE-2020-16012 CVE-2020-16014 CVE-2020-16015 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 CVE-2020-16036 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.4.2 MFSA 2020-49 (bsc#1178611) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for - Mozilla Thunderbird 78.4.1 * new: Thunderbird prompts for an address to use when starting an email from an address book entry with multiple addresses (bmo#84028) * fixed: Searching global search results did not work (bmo#1664761) * fixed: Link location was not focused by default when adding a hyperlink in message composer (bmo#1670660) * fixed: Advanced address book search dialog was unusable (bmo#1668147) * fixed: Encrypted draft reply emails lost 'Re:' prefix (bmo#1661510) * fixed: Replying to a newsgroup message did not open the compose window (bmo#1672667) * fixed: Unable to delete multiple newsgroup messages (bmo#1657988) * fixed: Appmenu displayed visual glitches (bmo#1636243) * fixed: Visual glitches when selecting multiple messages in the message pane and using Ctrl+click (bmo#1671800) * fixed: Switching between dark and light mode could lead to unreadable text on macOS (bmo#1668989) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1178611 CVE-2020-26950 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178682 CVE-2020-25708 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for slurm fixes the following issues: - Updated to 20.02.6: * CVE-2020-27745: PMIx - fix potential buffer overflows from use of unpackmem() (bsc#1178890). * CVE-2020-27746: X11 forwarding - fix potential leak of the magic cookie when sent as an argument to the xauth command (bsc#1178891). * Added support for openPMIx (bsc#1173805). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1173805 SUSE bug 1178890 SUSE bug 1178891 CVE-2020-27745 CVE-2020-27746 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for wpa_supplicant fixes the following issues: Security issue fixed: - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass (bsc#1150934). Non-security issues fixed: - Enable SAE support (jsc#SLE-14992). - Limit P2P_DEVICE name to appropriate ifname size. - Fix wicked wlan (bsc#1156920) - Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331) - With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331) - Fix WLAN config on boot with wicked. (bsc#1166933) - Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640) - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT * fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * added support for RSA 3k key case with Suite B 192-bit level * fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake * fixed EAP-pwd pre-processing with PasswordHashHash * added EAP-pwd client support for salted passwords * fixed a regression in TDLS prohibited bit validation * started to use estimated throughput to avoid undesired signal strength based roaming decision * MACsec/MKA: - new macsec_linux driver interface support for the Linux kernel macsec module - number of fixes and extensions * added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case) * fixed mesh channel configuration pri/sec switch case * added support for beacon report * large number of other fixes, cleanup, and extensions * added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter) * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel * added option for using random WPS UUID (auto_uuid=1) * added SHA256-hash support for OCSP certificate matching * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure * fixed a regression in RSN pre-authentication candidate selection * added option to configure allowed group management cipher suites (group_mgmt network profile parameter) * removed all PeerKey functionality * fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer * added ap_isolate configuration option for AP mode * added support for nl80211 to offload 4-way handshake into the driver * added support for using wolfSSL cryptographic library * SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier - fixed FT-SAE PMKID matching * Hotspot 2.0 - added support for fetching of Operator Icon Metadata ANQP-element - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS - added support for fetching Venue URL information * added support for using OpenSSL 1.1.1 * FT - disabled PMKSA caching with FT since it is not fully functional - added support for SHA384 based AKM - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 - fixed additional IE inclusion in Reassociation Request frame when using FT protocol - Changed service-files for start after network (systemd-networkd). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1131644 SUSE bug 1131868 SUSE bug 1131870 SUSE bug 1131871 SUSE bug 1131872 SUSE bug 1131874 SUSE bug 1133640 SUSE bug 1144443 SUSE bug 1150934 SUSE bug 1156920 SUSE bug 1166933 SUSE bug 1167331 SUSE bug 930077 SUSE bug 930078 SUSE bug 930079 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-8041 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 CVE-2018-14526 CVE-2019-11555 CVE-2019-13377 CVE-2019-16275 CVE-2019-9494 CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1178512 CVE-2020-28196 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for podman fixes the following issues: Security issue fixed: - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API (bsc#1176804). Non-security issues fixed: - add dependency to timezone package or podman fails to build a container (bsc#1178122) - Install new auto-update system units - Update to v2.1.1 (bsc#1178392): * Changes - The `podman info` command now includes the cgroup manager Podman is using. * API - The REST API now includes a Server header in all responses. - Fixed a bug where the Libpod and Compat Attach endpoints could terminate early, before sending all output from the container. - Fixed a bug where the Compat Create endpoint for containers did not properly handle the Interactive parameter. - Fixed a bug where the Compat Kill endpoint for containers could continue to run after a fatal error. - Fixed a bug where the Limit parameter of the Compat List endpoint for Containers did not properly handle a limit of 0 (returning nothing, instead of all containers) [#7722]. - The Libpod Stats endpoint for containers is being deprecated and will be replaced by a similar endpoint with additional features in a future release. - Changes in v2.1.0 * Features - A new command, `podman image mount`, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it [#1433]. - The `podman save` and `podman load` commands can now create and load archives containing multiple images [#2669]. - Rootless Podman now supports all `podman network` commands, and rootless containers can now be joined to networks. - The performance of `podman build` on `ADD` and `COPY` instructions has been greatly improved, especially when a `.dockerignore` is present. - The `podman run` and `podman create` commands now support a new mode for the `--cgroups` option, `--cgroups=split`. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy [#6400]. - The `podman run` and `podman create` commands can now specify options to slirp4netns by using the `--network` option as follows: `--net slirp4netns:opt1,opt2`. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport. - The `podman ps` command now features a new option, `--storage`, to show containers from Buildah, CRI-O and other applications. - The `podman run` and `podman create` commands now feature a `--sdnotify` option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in `Type=notify` units. - The `podman run` command now features a `--preserve-fds` opton to pass file descriptors from the host into the container [#6458]. - The `podman run` and `podman create` commands can now create overlay volume mounts, by adding the `:O` option to a bind mount (e.g. `-v /test:/test:O`). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host. - The `podman play kube` command now supports the Socket HostPath type [#7112]. - The `podman play kube` command now supports read-only mounts. - The `podman play kube` command now supports setting labels on pods from Kubernetes metadata labels. - The `podman play kube` command now supports setting container restart policy [#7656]. - The `podman play kube` command now properly handles `HostAlias` entries. - The `podman generate kube` command now adds entries to `/etc/hosts` from `--host-add` generated YAML as `HostAlias` entries. - The `podman play kube` and `podman generate kube` commands now properly support `shareProcessNamespace` to share the PID namespace in pods. - The `podman volume ls` command now supports the `dangling` filter to identify volumes that are dangling (not attached to any container). - The `podman run` and `podman create` commands now feature a `--umask` option to set the umask of the created container. - The `podman create` and `podman run` commands now feature a `--tz` option to set the timezone within the container [#5128]. - Environment variables for Podman can now be added in the `containers.conf` configuration file. - The `--mount` option of `podman run` and `podman create` now supports a new mount type, `type=devpts`, to add a `devpts` mount to the container. This is useful for containers that want to mount `/dev/` from the host into the container, but still create a terminal. - The `--security-opt` flag to `podman run` and `podman create` now supports a new option, `proc-opts`, to specify options for the container's `/proc` filesystem. - Podman with the `crun` OCI runtime now supports a new option to `podman run` and `podman create`, `--cgroup-conf`, which allows for advanced configuration of cgroups on cgroups v2 systems. - The `podman create` and `podman run` commands now support a `--override-variant` option, to override the architecture variant of the image that will be pulled and ran. - A new global option has been added to Podman, `--runtime-flags`, which allows for setting flags to use when the OCI runtime is called. - The `podman manifest add` command now supports the `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify` options. * Security - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API. * Changes - Podman will now retry pulling an image 3 times if a pull fails due to network errors. - The `podman exec` command would previously print error messages (e.g. `exec session exited with non-zero exit code -1`) when the command run exited with a non-0 exit code. It no longer does this. The `podman exec` command will still exit with the same exit code as the command run in the container did. - Error messages when creating a container or pod with a name that is already in use have been improved. - For read-only containers running systemd init, Podman creates a tmpfs filesystem at `/run`. This was previously limited to 65k in size and mounted `noexec`, but is now unlimited size and mounted `exec`. - The `podman system reset` command no longer removes configuration files for rootless Podman. * API - The Libpod API version has been bumped to v2.0.0 due to a breaking change in the Image List API. - Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available! - Added an endpoint for generating systemd unit files for containers. - The `last` parameter to the Libpod container list endpoint now has an alias, `limit` [#6413]. - The Libpod image list API new returns timestamps in Unix format, as integer, as opposed to as strings - The Compat Inspect endpoint for containers now includes port information in NetworkSettings. - The Compat List endpoint for images now features limited support for the (deprecated) `filter` query parameter [#6797]. - Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts. - Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present. - Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images. - Fixed a bug where name history information was not properly added in the Libpod Image List endpoint. - Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses. - Added a `noTrunc` option to the Libpod image search endpoint. - Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present [#7392]. - Fixed a bug where endpoints that hijacked would do perform the hijack too early, before being ready to send and receive data [#7195]. - Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed. - The Compat List endpoint for networks now supports filtering results [#7462]. - Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a non-existent pod. - Fixed a bug where Pull endpoints did not stream progress back to the client. - The Version endpoints (Libpod and Compat) now provide version in a format compatible with Docker. - All non-hijacking responses to API requests should not include headers with the version of the server. - Fixed a bug where Libpod and Compat Events endpoints did not send response headers until the first event occurred [#7263]. - Fixed a bug where the Build endpoints (Compat and Libpod) did not stream progress to the client. - Fixed a bug where the Stats endpoints (Compat and Libpod) did not properly handle clients disconnecting. - Fixed a bug where the Ignore parameter to the Libpod Stop endpoint was not performing properly. - Fixed a bug where the Compat Logs endpoint for containers did not stream its output in the correct format [#7196]. This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1176804 SUSE bug 1178122 SUSE bug 1178392 CVE-2020-14370 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for perl-DBI fixes the following issues: - DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). [bsc#1176492, CVE-2014-10401, CVE-2014-10402] This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1176492 CVE-2014-10401 CVE-2014-10402 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for dash fixes the following issues: - Fixed an issue where code was executed even if noexec ('-n') was specified (bsc#1178978). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1178978 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.14 fixes the following issues: - go1.14.12 (released 2020-11-12) includes security fixes to the cmd/go and math/big packages. * go#42553 math/big: panic during recursive division of very large numbers (bsc#1178750 CVE-2020-28362) * go#42560 cmd/go: arbitrary code can be injected into cgo generated files (bsc#1178752 CVE-2020-28367) * go#42557 cmd/go: improper validation of cgo flags can lead to remote code execution at build time (bsc#1178753 CVE-2020-28366) * go#42155 time: Location interprets wrong timezone (DST) with slim zoneinfo * go#42112 x/net/http2: the first write error on a connection will cause all subsequent write requests to fail blindly * go#41991 runtime: macOS-only segfault on 1.14+ with 'split stack overflow' * go#41913 net/http: request.Clone doesn't deep copy TransferEncoding * go#41703 runtime: macOS syscall.Exec can get SIGILL due to preemption signal * go#41386 x/net/http2: connection-level flow control not returned if stream errors, causes server hang This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1164903 SUSE bug 1178750 SUSE bug 1178752 SUSE bug 1178753 CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. - Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1170446 SUSE bug 1173592 SUSE bug 1173594 SUSE bug 1178971 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for wireshark fixes the following issues: - wireshark was updated to 3.2.8: - CVE-2020-26575: Fixed an issue where FBZERO dissector was entering in infinite loop (bsc#1177406) - CVE-2020-28030: Fixed an issue where GQUIC dissector was crashing (bsc#1178291) * Infinite memory allocation while parsing this tcp packet This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1177406 SUSE bug 1178291 CVE-2020-26575 CVE-2020-28030 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHX_V2 authorizer challenges (bsc#1177843). - Added --container-init feature (bsc#1177319, bsc#1163764) - Made journald as the logdriver again (bsc#1177933) - Fixes a condition check for copy_tree, copy_files, and move_files in cephadm (bsc#1177676) - Fixed a bug where device_health_metrics pool gets created even without any OSDs in the cluster (bsc#1173079) - Log cephadm output /var/log/ceph/cephadm.log (bsc#1174644) - Fixed a bug where the orchestrator didn't come up anymore after the deletion of OSDs (bsc#1176499) - Fixed a bug where cephadm fails to deploy all OSDs and gets stuck (bsc#1177450) - python-common will no longer skip unavailable disks (bsc#1177151) - Added snap-schedule module (jsc#SES-704) - Updated the SES7 downstream branding (bsc#1175120, bsc#1175161, bsc#1175169, bsc#1170498) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1163764 SUSE bug 1170200 SUSE bug 1170498 SUSE bug 1173079 SUSE bug 1174466 SUSE bug 1174529 SUSE bug 1174644 SUSE bug 1175120 SUSE bug 1175161 SUSE bug 1175169 SUSE bug 1176451 SUSE bug 1176499 SUSE bug 1176638 SUSE bug 1177078 SUSE bug 1177151 SUSE bug 1177319 SUSE bug 1177344 SUSE bug 1177450 SUSE bug 1177643 SUSE bug 1177676 SUSE bug 1177843 SUSE bug 1177933 SUSE bug 1178073 SUSE bug 1178531 CVE-2020-25660 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-1_8_0-openjdk fixes the following issues: - Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)', introduced in October 2020 CPU. - Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157, and October 2020 CPU, bsc#1177943) * New features + JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3796: Allow the number of curves supported to be specified * Security fixes + JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) + JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233255: Better Swing Buttons + JDK-8233624: Enhance JNI linkage + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240124: Better VM Interning + JDK-8240482: Improved WAV file playback + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 8 u262 build 01 + JDK-4949105: Access Bridge lacks html tags parsing + JDK-8003209: JFR events for network utilization + JDK-8030680: 292 cleanup from default method code assessment + JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently + JDK-8041626: Shutdown tracing event + JDK-8141056: Erroneous assignment in HeapRegionSet.cpp + JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates + JDK-8151582: (ch) test java/nio/channels/ /AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' + JDK-8165675: Trace event for thread park has incorrect unit for timeout + JDK-8176182: 4 security tests are not run + JDK-8178910: Problemlist sample tests + JDK-8183925: Decouple crash protection from watcher thread + JDK-8191393: Random crashes during cfree+0x1c + JDK-8195817: JFR.stop should require name of recording + JDK-8195818: JFR.start should increase autogenerated name by one + JDK-8195819: Remove recording=x from jcmd JFR.check output + JDK-8199712: Flight Recorder + JDK-8202578: Revisit location for class unload events + JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events + JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) + JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant + JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording + JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 + JDK-8203929: Limit amount of data for JFR.dump + JDK-8205516: JFR tool + JDK-8207392: [PPC64] Implement JFR profiling + JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it + JDK-8209960: -Xlog:jfr* doesn't work with the JFR + JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() + JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 + JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch + JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events + JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions + JDK-8213421: Line number information for execution samples always 0 + JDK-8213617: JFR should record the PID of the recorded process + JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. + JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests + JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test + JDK-8213966: The ZGC JFR events should be marked as experimental + JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds + JDK-8214750: Unnecessary <p> tags in jfr classes + JDK-8214896: JFR Tool left files behind + JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError + JDK-8214925: JFR tool fails to execute + JDK-8215175: Inconsistencies in JFR event metadata + JDK-8215237: jdk.jfr.Recording javadoc does not compile + JDK-8215284: Reduce noise induced by periodic task getFileSize() + JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) + JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + JDK-8215771: The jfr tool should pretty print reference chains + JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly + JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() + JDK-8216528: test/jdk/java/rmi/transport/ /runtimeThreadInheritanceLeak/ /RuntimeThreadInheritanceLeak.java failing with Xcomp + JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps + JDK-8216578: Remove unused/obsolete method in JFR code + JDK-8216995: Clean up JFR command line processing + JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT + JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent + JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + JDK-8223147: JFR Backport + JDK-8223689: Add JFR Thread Sampling Support + JDK-8223690: Add JFR BiasedLock Event Support + JDK-8223691: Add JFR G1 Region Type Change Event Support + JDK-8223692: Add JFR G1 Heap Summary Event Support + JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant + JDK-8224475: JTextPane does not show images in HTML rendering + JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. + JDK-8226779: [TESTBUG] Test JFR API from Java agent + JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys + JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory + JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant' + JDK-8229366: JFR backport allows unchecked writing to memory + JDK-8229401: Fix JFR code cache test failures + JDK-8229708: JFR backport code does not initialize + JDK-8229873: 8229401 broke jdk8u-jfr-incubator + JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows + JDK-8230707: JFR related tests are failing + JDK-8230782: Robot.createScreenCapture() fails if 'awt.robot.gtk' is set to false + JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return + JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 + JDK-8231995: two jtreg tests failed after 8229366 is fixed + JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file + JDK-8236002: CSR for JFR backport suggests not leaving out the package-info + JDK-8236008: Some backup files were accidentally left in the hotspot tree + JDK-8236074: Missed package-info + JDK-8236174: Should update javadoc since tags + JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport + JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 + JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB + JDK-8238589: Necessary code cleanup in JFR for JDK8u + JDK-8238590: Enable JFR by default during compilation in 8u + JDK-8239055: Wrong implementation of VMState.hasListener + JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair + JDK-8239479: minimal1 and zero builds are failing + JDK-8239867: correct over use of INCLUDE_JFR macro + JDK-8240375: Disable JFR by default for July 2020 release + JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled + JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) + JDK-8242788: Non-PCH build is broken after JDK-8191393 * Import of OpenJDK 8 u262 build 02 + JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset + JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java + JDK-8230926: [macosx] Two apostrophes are entered instead of one with 'U.S. International - PC' layout + JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges + JDK-8242883: Incomplete backport of JDK-8078268: backport test part * Import of OpenJDK 8 u262 build 03 + JDK-8037866: Replace the Fun class in tests with lambdas + JDK-8146612: C2: Precedence edges specification violated + JDK-8150986: serviceability/sa/jmap-hprof/ /JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format + JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions + JDK-8230597: Update GIFlib library to the 5.2.1 + JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return + JDK-8233880, PR3798: Support compilers with multi-digit major version numbers + JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed + JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + JDK-8243059: Build fails when --with-vendor-name contains a comma + JDK-8243474: [TESTBUG] removed three tests of 0 bytes + JDK-8244461: [JDK 8u] Build fails with glibc 2.32 + JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result * Import of OpenJDK 8 u262 build 04 + JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null + JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering + JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM + JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE + JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 + JDK-8244777: ClassLoaderStats VM Op uses constant hash value * Import of OpenJDK 8 u262 build 05 + JDK-7147060: com/sun/org/apache/xml/internal/security/ /transforms/ClassLoaderTest.java doesn't run in agentvm mode + JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method + JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds + JDK-8227269: Slow class loading when running with JDWP + JDK-8229899: Make java.io.File.isInvalid() less racy + JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in + JDK-8244843: JapanEraNameCompatTest fails * Import of OpenJDK 8 u262 build 06 + JDK-8246223: Windows build fails after JDK-8227269 * Import of OpenJDK 8 u262 build 07 + JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing + JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a + JDK-8245167: Top package in method profiling shows null in JMC + JDK-8246703: [TESTBUG] Add test for JDK-8233197 * Import of OpenJDK 8 u262 build 08 + JDK-8220293: Deadlock in JFR string pool + JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 + JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 * Import of OpenJDK 8 u262 build 09 + JDK-8248399: Build installs jfr binary when JFR is disabled * Import of OpenJDK 8 u262 build 10 + JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package * Import of OpenJDK 8 u265 build 01 + JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + JDK-8250546: Expect changed behaviour reported in JDK-8249846 * Import of OpenJDK 8 u272 build 01 + JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java + JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals + JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c + JDK-8039082: [TEST_BUG] Test java/awt/dnd/ /BadSerializationTest/BadSerializationTest.java fails + JDK-8075774: Small readability and performance improvements for zipfs + JDK-8132206: move ScanTest.java into OpenJDK + JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API + JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java + JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/ /appletviewer/IOExceptionIfEncodedURLTest/ /IOExceptionIfEncodedURLTest.sh + JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/ /MTGraphicsAccessTest.java hangs on Win. 8 + JDK-8151788: NullPointerException from ntlm.Client.type3 + JDK-8151834: Test SmallPrimeExponentP.java times out intermittently + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public + JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization + JDK-8165936: Potential Heap buffer overflow when seaching timezone info files + JDK-8166148: Fix for JDK-8165936 broke solaris builds + JDK-8167300: Scheduling failures during gcm should be fatal + JDK-8167615: Opensource unit/regression tests for JavaSound + JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java + JDK-8177628: Opensource unit/regression tests for ImageIO + JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/ /AppletContextTest/BadPluginConfigurationTest.sh + JDK-8193137: Nashorn crashes when given an empty script file + JDK-8194298: Add support for per Socket configuration of TCP keepalive + JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error + JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails + JDK-8210147: adjust some WSAGetLastError usages in windows network coding + JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions + JDK-8214862: assert(proj != __null) at compile.cpp:3251 + JDK-8217606: LdapContext#reconnect always opens a new connection + JDK-8217647: JFR: recordings on 32-bit systems unreadable + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8230303: JDB hangs when running monitor command + JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG + JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion + JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version + JDK-8235325: build failure on Linux after 8235243 + JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink + JDK-8237951: CTW: C2 compilation fails with 'malformed control flow' + JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8239819: XToolkit: Misread of screen information memory + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one + JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads to JVM crash + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8246310: Clean commented-out code about ModuleEntry and PackageEntry in JFR + JDK-8246384: Enable JFR by default on supported architectures for October 2020 release + JDK-8248643: Remove extra leading space in JDK-8240295 8u backport + JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public * Import of OpenJDK 8 u272 build 02 + JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times + JDK-8025886: replace [[ and == bash extensions in regtest + JDK-8046274: Removing dependency on jakarta-regexp + JDK-8048933: -XX:+TraceExceptions output should include the message + JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/ /fileaccess/FontFile.java fails + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8154313: Generated javadoc scattered all over the place + JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k + JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled + JDK-8183349: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java and WriteAfterAbort.java + JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. + JDK-8201633: Problems with AES-GCM native acceleration + JDK-8211049: Second parameter of 'initialize' method is not used + JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero + JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound + JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file + JDK-8224217: RecordingInfo should use textual representation of path + JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate + JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/ /SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8250755: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java * Import of OpenJDK 8 u272 build 03 + JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes + JDK-8148754: C2 loop unrolling fails due to unexpected graph shape + JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied + JDK-8203357: Container Metrics + JDK-8209113: Use WeakReference for lastFontStrike for created Fonts + JDK-8216283: Allow shorter method sampling interval than 10 ms + JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified + JDK-8233097: Fontmetrics for large Fonts has zero width + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update * Import of OpenJDK 8 u272 build 04 + JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double + JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 + JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 + JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 + JDK-8243138: Enhance BaseLdapServer to support starttls extended request * Import of OpenJDK 8 u272 build 05 + JDK-8026236: Add PrimeTest for BigInteger + JDK-8057003: Large reference arrays cause extremely long synchronization times + JDK-8060721: Test runtime/SharedArchiveFile/ /LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings + JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean + JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs + JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo + JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds + JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled * Import of OpenJDK 8 u272 build 06 + JDK-8064319: Need to enable -XX:+TraceExceptions in release builds + JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40 support + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working + JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface license + JDK-8184762: ZapStackSegments should use optimized memset + JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak + JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly + JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8228835: Memory leak in PKCS11 provider when using AES GCM + JDK-8233621: Mismatch in jsse.enableMFLNExtension property name + JDK-8238898, PR3801: Missing hash characters for header on license file + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8245467: Remove 8u TLSv1.2 implementation files + JDK-8245469: Remove DTLS protocol implementation + JDK-8245470: Fix JDK8 compatibility issues + JDK-8245471: Revert JDK-8148188 + JDK-8245472: Backport JDK-8038893 to JDK8 + JDK-8245473: OCSP stapling support + JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 + JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default + JDK-8245477: Adjust TLS tests location + JDK-8245653: Remove 8u TLS tests + JDK-8245681: Add TLSv1.3 regression test from 11.0.7 + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false + JDK-8251341: Minimal Java specification change + JDK-8251478: Backport TLSv1.3 regression tests to JDK8u * Import of OpenJDK 8 u272 build 07 + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ * Import of OpenJDK 8 u272 build 08 + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8252573: 8u: Windows build failed after 8222079 backport * Import of OpenJDK 8 u272 build 09 + JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed * Import of OpenJDK 8 u272 build 10 + JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 + JDK-8254937: Revert JDK-8148854 for 8u272 * Backports + JDK-8038723, PR3806: Openup some PrinterJob tests + JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when JTable contains certain string + JDK-8058779, PR3805: Faster implementation of String.replace(CharSequence, CharSequence) + JDK-8130125, PR3806: [TEST_BUG] add @modules to the several client tests unaffected by the automated bulk update + JDK-8144015, PR3806: [PIT] failures of text layout font tests + JDK-8144023, PR3806: [PIT] failure of text measurements in javax/swing/text/html/parser/Parser/6836089/bug6836089.java + JDK-8144240, PR3806: [macosx][PIT] AIOOB in closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8145542, PR3806: The case failed automatically and thrown java.lang.ArrayIndexOutOfBoundsException exception + JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when displaying Devanagari text in JEditorPane + JDK-8152358, PR3800: code and comment cleanups found during the hunt for 8077392 + JDK-8152545, PR3804: Use preprocessor instead of compiling a program to generate native nio constants + JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex behaviour + JDK-8158924, PR3806: Incorrect i18n text document layout + JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8166068, PR3806: test/java/awt/font/GlyphVector/ /GetGlyphCharIndexTest.java does not compile + JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/ /GlyphPainter2/6427244/bug6427244.java - compilation failed + JDK-8191512, PR3806: T2K font rasterizer code removal + JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from JDK sources + JDK-8236512, PR3801: PKCS11 Connection closed after Cipher.doFinal and NoPadding + JDK-8254177, PR3809: (tz) Upgrade time-zone data to tzdata2020b * Bug fixes + PR3798: Fix format-overflow error on GCC 10, caused by passing NULL to a '%s' directive + PR3795: ECDSAUtils for XML digital signatures should support the same curve set as the rest of the JDK + PR3799: Adapt elliptic curve patches to JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3808: IcedTea does not install the JFR *.jfc files + PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has fixed its use with Shenandoah + PR3811: Don't attempt to install JFR files when JFR is disabled * Shenandoah + [backport] 8221435: Shenandoah should not mark through weak roots + [backport] 8221629: Shenandoah: Cleanup class unloading logic + [backport] 8222992: Shenandoah: Pre-evacuate all roots + [backport] 8223215: Shenandoah: Support verifying subset of roots + [backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and family + [backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to support scanning CSet codecache roots + [backport] 8224508: Shenandoah: Need to update thread roots in final mark for piggyback ref update cycle + [backport] 8224579: ResourceMark not declared in shenandoahRootProcessor.inline.hpp with --disable-precompiled-headers + [backport] 8224679: Shenandoah: Make ShenandoahParallelCodeCacheIterator noncopyable + [backport] 8224751: Shenandoah: Shenandoah Verifier should select proper roots according to current GC cycle + [backport] 8225014: Separate ShenandoahRootScanner method for object_iterate + [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't work for Shenandoah + [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to ensure roots to-space invariant + [backport] 8225590: Shenandoah: Refactor ShenandoahClassLoaderDataRoots API + [backport] 8226413: Shenandoah: Separate root scanner for SH::object_iterate() + [backport] 8230853: Shenandoah: replace leftover assert(is_in(...)) with rich asserts + [backport] 8231198: Shenandoah: heap walking should visit all roots most of the time + [backport] 8231244: Shenandoah: all-roots heap walking misses some weak roots + [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with JVMTI and JFR + [backport] 8239786: Shenandoah: print per-cycle statistics + [backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod's metadata + [backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings + [backport] 8240749: Shenandoah: refactor ShenandoahUtils + [backport] 8240750: Shenandoah: remove leftover files and mentions of ShenandoahAllocTracker + [backport] 8240868: Shenandoah: remove CM-with-UR piggybacking cycles + [backport] 8240872: Shenandoah: Avoid updating new regions from start of evacuation + [backport] 8240873: Shenandoah: Short-cut arraycopy barriers + [backport] 8240915: Shenandoah: Remove unused fields in init mark tasks + [backport] 8240948: Shenandoah: cleanup not-forwarded-objects paths after JDK-8240868 + [backport] 8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + [backport] 8241062: Shenandoah: rich asserts trigger 'empty statement' inspection + [backport] 8241081: Shenandoah: Do not modify update-watermark concurrently + [backport] 8241093: Shenandoah: editorial changes in flag descriptions + [backport] 8241139: Shenandoah: distribute mark-compact work exactly to minimize fragmentation + [backport] 8241142: Shenandoah: should not use parallel reference processing with single GC thread + [backport] 8241351: Shenandoah: fragmentation metrics overhaul + [backport] 8241435: Shenandoah: avoid disabling pacing with 'aggressive' + [backport] 8241520: Shenandoah: simplify region sequence numbers handling + [backport] 8241534: Shenandoah: region status should include update watermark + [backport] 8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + [backport] 8241583: Shenandoah: turn heap lock asserts into macros + [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not derive from ContiguousSpace + [backport] 8241673: Shenandoah: refactor anti-false-sharing padding + [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at shenandoahSupport.cpp:2858 with java/util/Collections/FindSubList.java + [backport] 8241692: Shenandoah: remove ShenandoahHeapRegion::_reserved + [backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier + [backport] 8241740: Shenandoah: remove ShenandoahHeapRegion::_heap + [backport] 8241743: Shenandoah: refactor and inline ShenandoahHeap::heap() + [backport] 8241748: Shenandoah: inline MarkingContext TAMS methods + [backport] 8241838: Shenandoah: no need to trash cset during final mark + [backport] 8241841: Shenandoah: ditch one of allocation type counters in ShenandoahHeapRegion + [backport] 8241842: Shenandoah: inline ShenandoahHeapRegion::region_number + [backport] 8241844: Shenandoah: rename ShenandoahHeapRegion::region_number + [backport] 8241845: Shenandoah: align ShenandoahHeapRegions to cache lines + [backport] 8241926: Shenandoah: only print heap changes for operations that directly affect it + [backport] 8241983: Shenandoah: simplify FreeSet logging + [backport] 8241985: Shenandoah: simplify collectable garbage logging + [backport] 8242040: Shenandoah: print allocation failure type + [backport] 8242041: Shenandoah: adaptive heuristics should account evac reserve in free target + [backport] 8242042: Shenandoah: tune down ShenandoahGarbageThreshold + [backport] 8242054: Shenandoah: New incremental-update mode + [backport] 8242075: Shenandoah: rename ShenandoahHeapRegionSize flag + [backport] 8242082: Shenandoah: Purge Traversal mode + [backport] 8242083: Shenandoah: split 'Prepare Evacuation' tracking into cset/freeset counters + [backport] 8242089: Shenandoah: per-worker stats should be summed up, not averaged + [backport] 8242101: Shenandoah: coalesce and parallelise heap region walks during the pauses + [backport] 8242114: Shenandoah: remove ShenandoahHeapRegion::reset_alloc_metadata_to_shared + [backport] 8242130: Shenandoah: Simplify arraycopy-barrier dispatching + [backport] 8242211: Shenandoah: remove ShenandoahHeuristics::RegionData::_seqnum_last_alloc + [backport] 8242212: Shenandoah: initialize ShenandoahHeuristics::_region_data eagerly + [backport] 8242213: Shenandoah: remove ShenandoahHeuristics::_bytes_in_cset + [backport] 8242217: Shenandoah: Enable GC mode to be diagnostic/experimental and have a name + [backport] 8242227: Shenandoah: transit regions to cset state when adding to collection set + [backport] 8242228: Shenandoah: remove unused ShenandoahCollectionSet methods + [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion liveness-related methods + [backport] 8242267: Shenandoah: regions space needs to be aligned by os::vm_allocation_granularity() + [backport] 8242271: Shenandoah: add test to verify GC mode unlock + [backport] 8242273: Shenandoah: accept either SATB or IU barriers, but not both + [backport] 8242301: Shenandoah: Inline LRB runtime call + [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB slow-path entry + [backport] 8242353: Shenandoah: micro-optimize region liveness handling + [backport] 8242365: Shenandoah: use uint16_t instead of jushort for liveness cache + [backport] 8242375: Shenandoah: Remove ShenandoahHeuristic::record_gc_start/end methods + [backport] 8242641: Shenandoah: clear live data and update TAMS optimistically + [backport] 8243238: Shenandoah: explicit GC request should wait for a complete GC cycle + [backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs + [backport] 8243307: Shenandoah: remove ShCollectionSet::live_data + [backport] 8243395: Shenandoah: demote guarantee in ShenandoahPhaseTimings::record_workers_end + [backport] 8243463: Shenandoah: ditch total_pause counters + [backport] 8243464: Shenandoah: print statistic counters in time order + [backport] 8243465: Shenandoah: ditch unused pause_other, conc_other counters + [backport] 8243487: Shenandoah: make _num_phases illegal phase type + [backport] 8243494: Shenandoah: set counters once per cycle + [backport] 8243573: Shenandoah: rename GCParPhases and related code + [backport] 8243848: Shenandoah: Windows build fails after JDK-8239786 + [backport] 8244180: Shenandoah: carry Phase to ShWorkerTimingsTracker explicitly + [backport] 8244200: Shenandoah: build breakages after JDK-8241743 + [backport] 8244226: Shenandoah: per-cycle statistics contain worker data from previous cycles + [backport] 8244326: Shenandoah: global statistics should not accept bogus samples + [backport] 8244509: Shenandoah: refactor ShenandoahBarrierC2Support::test_* methods + [backport] 8244551: Shenandoah: Fix racy update of update_watermark + [backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes loop for wrong control + [backport] 8244730: Shenandoah: gc/shenandoah/options/ /TestHeuristicsUnlock.java should only verify the heuristics + [backport] 8244732: Shenandoah: move heuristics code to gc/shenandoah/heuristics + [backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode + [backport] 8244739: Shenandoah: break superclass dependency on ShenandoahNormalMode + [backport] 8244740: Shenandoah: rename ShenandoahNormalMode to ShenandoahSATBMode + [backport] 8245461: Shenandoah: refine mode name()-s + [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings constructor arguments + [backport] 8245464: Shenandoah: allocate collection set bitmap at lower addresses + [backport] 8245465: Shenandoah: test_in_cset can use more efficient encoding + [backport] 8245726: Shenandoah: lift/cleanup ShenandoahHeuristics names and properties + [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch + [backport] 8245757: Shenandoah: AlwaysPreTouch should not disable heap resizing or uncommits + [backport] 8245773: Shenandoah: Windows assertion failure after JDK-8245464 + [backport] 8245812: Shenandoah: compute root phase parallelism + [backport] 8245814: Shenandoah: reconsider format specifiers for stats + [backport] 8245825: Shenandoah: Remove diagnostic flag ShenandoahConcurrentScanCodeRoots + [backport] 8246162: Shenandoah: full GC does not mark code roots when class unloading is off + [backport] 8247310: Shenandoah: pacer should not affect interrupt status + [backport] 8247358: Shenandoah: reconsider free budget slice for marking + [backport] 8247367: Shenandoah: pacer should wait on lock instead of exponential backoff + [backport] 8247474: Shenandoah: Windows build warning after JDK-8247310 + [backport] 8247560: Shenandoah: heap iteration holds root locks all the time + [backport] 8247593: Shenandoah: should not block pacing reporters + [backport] 8247751: Shenandoah: options tests should run with smaller heaps + [backport] 8247754: Shenandoah: mxbeans tests can be shorter + [backport] 8247757: Shenandoah: split heavy tests by heuristics to improve parallelism + [backport] 8247860: Shenandoah: add update watermark line in rich assert failure message + [backport] 8248041: Shenandoah: pre-Full GC root updates may miss some roots + [backport] 8248652: Shenandoah: SATB buffer handling may assume no forwarded objects + [backport] 8249560: Shenandoah: Fix racy GC request handling + [backport] 8249649: Shenandoah: provide per-cycle pacing stats + [backport] 8249801: Shenandoah: Clear soft-refs on requested GC cycle + [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + Fix slowdebug build after JDK-8230853 backport + JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR + JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp + Shenandoah: add JFR roots to root processor after JFR integration + Shenandoah: add root statistics for string dedup table/queues + Shenandoah: enable low-frequency STW class unloading + Shenandoah: fix build failures after JDK-8244737 backport + Shenandoah: Fix build failure with +JFR -PCH + Shenandoah: fix forceful pacer claim + Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask + Shenandoah: fix runtime linking failure due to non-compiled shenandoahBarrierSetC1 + Shenandoah: hook statistics printing to PrintGCDetails, not PrintGC + Shenandoah: JNI weak roots are always cleared before Full GC mark + Shenandoah: missing SystemDictionary roots in ShenandoahHeapIterationRootScanner + Shenandoah: move barrier sets to their proper locations + Shenandoah: move parallelCleaning.* to shenandoah/ + Shenandoah: pacer should use proper Atomics for intptr_t + Shenandoah: properly deallocates class loader metadata + Shenandoah: specialize String Table scans for better pause performance + Shenandoah: Zero build fails after recent Atomic cleanup in Pacer * AArch64 port + JDK-8161072, PR3797: AArch64: jtreg compiler/uncommontrap/TestDeoptOOM failure + JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java generates guarantee failure in C1 + JDK-8183925, PR3797: [AArch64] Decouple crash protection from watcher thread + JDK-8199712, PR3797: [AArch64] Flight Recorder + JDK-8203481, PR3797: Incorrect constraint for unextended_sp in frame:safe_for_sender + JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall fails with SIGILL on aarch64 + JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command + JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java fails on AArch64 + JDK-8216989, PR3797: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check for zero length on AARCH64 + JDK-8217368, PR3797: AArch64: C2 recursive stack locking optimisation not triggered + JDK-8221658, PR3797: aarch64: add necessary predicate for ubfx patterns + JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a BufferBlob + JDK-8246482, PR3797: Build failures with +JFR -PCH + JDK-8247979, PR3797: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248219, PR3797: aarch64: missing memory barrier in fast_storefield and fast_accessfield This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1174157 SUSE bug 1177943 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mariadb-connector-c fixes the following issues: - Update mariadb to 10.2.36 GA [bsc#1177472, bsc#1178428] fixing for the following security vulnerabilities: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 CVE-2020-15180 - Update mariadb-connector-c to 3.1.11 [bsc#1177472 and bsc#1178428] This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1177472 SUSE bug 1178428 CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 CVE-2020-15180 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for c-ares fixes the following issues: Version update to 1.17.0 * CVE-2020-8277: Fixed a Denial of Service through DNS request (bsc#1178882) * For further details see https://c-ares.haxx.se/changelog.html This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1178882 CVE-2020-8277 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird fixes the following issues: TODO - Mozilla Thunderbird 78.5.0 * new: OpenPGP: Added option to disable attaching the public key to a signed message (bmo#1654950) * new: MailExtensions: 'compose_attachments' context added to Menus API (bmo#1670822) * new: MailExtensions: Menus API now available on displayed messages (bmo#1670825) * changed: MailExtensions: browser.tabs.create will now wait for 'mail-delayed-startup-finished' event (bmo#1674407) * fixed: OpenPGP: Support for inline PGP messages improved (bmo#1672851) * fixed: OpenPGP: Message security dialog showed unverified keys as unavailable (bmo#1675285) * fixed: Chat: New chat contact menu item did not function (bmo#1663321) * fixed: Various theme and usability improvements (bmo#1673861) * fixed: Various security fixes MFSA 2020-52 (bsc#1178894) * CVE-2020-26951 (bmo#1667113) Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012 (bmo#1642028) Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953 (bmo#1656741) Fullscreen could be enabled without displaying the security UI * CVE-2020-26956 (bmo#1666300) XSS through paste (manual and clipboard API) * CVE-2020-26958 (bmo#1669355) Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959 (bmo#1669466) Use-after-free in WebRequestService * CVE-2020-26960 (bmo#1670358) Potential use-after-free in uses of nsTArray * CVE-2020-15999 (bmo#1672223) Heap buffer overflow in freetype * CVE-2020-26961 (bmo#1672528) DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965 (bmo#1661617) Software keyboards may have remembered typed passwords * CVE-2020-26966 (bmo#1663571) Single-word search queries were also broadcast to local network * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697, bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479, bmo#1671923) Memory safety bugs fixed in Thunderbird 78.5 - Mozilla Thunderbird 78.4.3 * fixed: User interface was inconsistent when switching from the default theme to the dark theme and back to the default theme (bmo#1659282) * fixed: Email subject would disappear when hovering over it with the mouse when using Windows 7 Classic theme (bmo#1675970) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178894 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). - CVE-2020-24490: Fixed a heap buffer overflow when processing extended advertising report events aka 'BleedingTooth' aka 'BadVibes' (bsc#1177726). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725). - CVE-2020-25212: A TOCTOU mismatch in the NFS client code in the Linux kernel could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452 (bnc#1176381). - CVE-2020-25645: Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1177511). - CVE-2020-25643: Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (bnc#1177206). - CVE-2020-25641: A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allowed a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability (bnc#1177121). - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-25668: Make FONTX ioctl use the tty pointer they were actually passed (bsc#1178123). - CVE-2020-25656: Extend func_buf_lock to readers (bnc#1177766). - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812 (bnc#1176485). - CVE-2020-14351: Fixed race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-8694: Restrict energy meter to root access (bsc#1170415). - CVE-2020-16120: Check permission to open real file in overlayfs (bsc#1177470). - CVE-2020-25705: A ICMP global rate limiting side-channel was removed which could lead to e.g. the SADDNS attack (bsc#1175721) The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: Always build evged in (git-fixes). - ACPI: button: fix handling lid state changes when input device closed (git-fixes). - ACPI: configfs: Add missing config_item_put() to fix refcount leak (git-fixes). - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes). - ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - act_ife: load meta modules before tcf_idr_check_alloc() (networking-stable-20_09_24). - Add CONFIG_CHECK_CODESIGN_EKU - airo: Fix read overflows sending packets (git-fixes). - ALSA: ac97: (cosmetic) align argument names (git-fixes). - ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes). - ALSA: asihpi: fix spellint typo in comments (git-fixes). - ALSA: atmel: ac97: clarify operator precedence (git-fixes). - ALSA: bebob: potential info leak in hwdep_read() (git-fixes). - ALSA: compress_offload: remove redundant initialization (git-fixes). - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes). - ALSA: core: pcm: simplify locking for timers (git-fixes). - ALSA: core: timer: clarify operator precedence (git-fixes). - ALSA: core: timer: remove redundant assignment (git-fixes). - ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes). - ALSA: fireworks: use semicolons rather than commas to separate statements (git-fixes). - ALSA: fix kernel-doc markups (git-fixes). - ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes). - ALSA: hda: (cosmetic) align function parameters (git-fixes). - ALSA: hda - Do not register a cb func if it is registered already (git-fixes). - ALSA: hda - Fix the return value if cb func is already registered (git-fixes). - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes). - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes). - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes). - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes). - ALSA: hda/realtek - set mic to auto detect on a HP AIO machine (git-fixes). - ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes). - ALSA: hda: use semicolons rather than commas to separate statements (git-fixes). - ALSA: hdspm: Fix typo arbitary (git-fixes). - ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes). - ALSA: portman2x4: fix repeated word 'if' (git-fixes). - ALSA: rawmidi: (cosmetic) align function parameters (git-fixes). - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes). - ALSA: sparc: dbri: fix repeated word 'the' (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes). - ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes). - ALSA: usb-audio: Line6 Pod Go interface requires static clock rate quirk (git-fixes). - ALSA: usb: scarless_gen2: fix endianness issue (git-fixes). - ALSA: vx: vx_core: clarify operator precedence (git-fixes). - ALSA: vx: vx_pcm: remove redundant assignment (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: Enable PCI write-combine resources under sysfs (bsc#1175807). - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes). - ASoC: cs42l51: manage mclk shutdown delay (git-fixes). - ASoC: fsl: imx-es8328: add missing put_device() call in imx_es8328_probe() (git-fixes). - ASoC: fsl_sai: Instantiate snd_soc_dai_driver (git-fixes). - ASoC: img-i2s-out: Fix runtime PM imbalance on error (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 (git-fixes). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes). - ASoC: qcom: lpass-platform: fix memory leak (git-fixes). - ASoC: qcom: sdm845: set driver name correctly (git-fixes). - ASoC: sun50i-codec-analog: Fix duplicate use of ADC enable bits (git-fixes). - ASoC: tlv320aic32x4: Fix bdiv clock rate derivation (git-fixes). - ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions (git-fixes). - ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811 (git-fixes). - ata: ahci: mvebu: Make SATA PHY optional for Armada 3720 (git-fixes). - ata: sata_rcar: Fix DMA boundary mask (git-fixes). - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: provide survey info as accumulated data (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes). - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() (git-fixes). - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes). - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). - backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes). - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750). - block: ensure bdi->io_pages is always initialized (bsc#1177749). - block: Fix page_is_mergeable() for compound pages (bsc#1177814). - block: Set same_page to false in __bio_try_merge_page if ret is false (git-fixes). - Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes). - Bluetooth: Only mark socket zapped after unlocking (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (git-fixes). - bonding: show saner speed for broadcast mode (networking-stable-20_08_24). - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes). - brcmfmac: check ndev pointer (git-fixes). - brcmfmac: Fix double freeing in the fmac usb data path (git-fixes). - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes). - btrfs: Account for merged patches upstream Move below patches to sorted section. - btrfs: add owner and fs_info to alloc_state io_tree (bsc#1177854). - btrfs: allocate scrub workqueues outside of locks (bsc#1178183). - btrfs: block-group: do not set the wrong READA flag for btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: fix free-space bitmap threshold (bsc#1176019). - btrfs: block-group: refactor how we delete one block group item (bsc#1176019). - btrfs: block-group: refactor how we insert a block group item (bsc#1176019). - btrfs: block-group: refactor how we read one block group item (bsc#1176019). - btrfs: block-group: rename write_one_cache_group() (bsc#1176019). - btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687). - btrfs: cleanup cow block on error (bsc#1178584). - btrfs: do not force read-only after error in drop snapshot (bsc#1176354). - btrfs: do not set the full sync flag on the inode during page release (bsc#1177687). - btrfs: do not take an extra root ref at allocation time (bsc#1176019). - btrfs: drop logs when we've aborted a transaction (bsc#1176019). - btrfs: drop path before adding new uuid tree entry (bsc#1178176). - btrfs: fix a race between scrub and block group removal/allocation (bsc#1176019). - Btrfs: fix crash during unmount due to race with delayed inode workers (bsc#1176019). - btrfs: fix filesystem corruption after a device replace (bsc#1178395). - btrfs: fix NULL pointer dereference after failure to create snapshot (bsc#1178190). - btrfs: fix overflow when copying corrupt csums for a message (bsc#1178191). - btrfs: fix race between page release and a fast fsync (bsc#1177687). - btrfs: fix space cache memory leak after transaction abort (bsc#1178173). - btrfs: free block groups after free'ing fs trees (bsc#1176019). - btrfs: hold a ref on the root on the dead roots list (bsc#1176019). - btrfs: kill the subvol_srcu (bsc#1176019). - btrfs: make btrfs_cleanup_fs_roots use the radix tree lock (bsc#1176019). - btrfs: make inodes hold a ref on their roots (bsc#1176019). - btrfs: make the extent buffer leak check per fs info (bsc#1176019). - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks (bsc#1178395). - btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing (bsc#1178395). - btrfs: move ino_cache_inode dropping out of btrfs_free_fs_root (bsc#1176019). - btrfs: move the block group freeze/unfreeze helpers into block-group.c (bsc#1176019). - btrfs: move the root freeing stuff into btrfs_put_root (bsc#1176019). - btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687). - btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687). - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856). - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855). - btrfs: reduce contention on log trees when logging checksums (bsc#1177687). - btrfs: release old extent maps during page release (bsc#1177687). - btrfs: remove no longer necessary chunk mutex locking cases (bsc#1176019). - btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687). - btrfs: rename member 'trimming' of block group to a more generic name (bsc#1176019). - btrfs: reschedule if necessary when logging directory items (bsc#1178585). - btrfs: scrub, only lookup for csums if we are dealing with a data extent (bsc#1176019). - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579). - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581). - btrfs: set the correct lockdep class for new nodes (bsc#1178184). - btrfs: set the lockdep class for log tree extent buffers (bsc#1178186). - btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687). - btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861). - bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes). - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes). - can: flexcan: remove ack_grp and ack_bit handling from driver (git-fixes). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes). - ceph: promote to unsigned long long before shifting (bsc#1178175). - clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes). - clk: at91: remove the checking of parent_name (git-fixes). - clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes). - clk: imx8mq: Fix usdhc parents order (git-fixes). - clk: keystone: sci-clk: fix parsing assigned-clock data during probe (git-fixes). - clk: meson: g12a: mark fclk_div2 as critical (git-fixes). - clk: qcom: gcc-sdm660: Fix wrong parent_map (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk (git-fixes). - clk: tegra: Always program PLL_E when enabled (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - clocksource/drivers/timer-gx6605s: Fixup counter reload (git-fixes). - cpuidle: Poll for a minimum of 30ns and poll for a tick if lower c-states are disabled (bnc#1176588). - create Storage / NVMe subsection - crypto: algif_aead - Do not set MAY_BACKLOG on the async path (git-fixes). - crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes). - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes). - crypto: ccp - fix error handling (git-fixes). - crypto: dh - check validity of Z before export (bsc#1175718). - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718). - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718). - crypto: ecdh - check validity of Z before export (bsc#1175718). - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes). - crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes). - crypto: omap-sham - fix digcnt register handling with export/import (git-fixes). - crypto: picoxcell - Fix potential race condition bug (git-fixes). - crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA (git-fixes). - cxgb4: fix memory leak during module unload (networking-stable-20_09_24). - cxgb4: Fix offset when clearing filter byte counters (networking-stable-20_09_24). - cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes). - cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes). - dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX (bsc#1177817). - Disable module compression on SLE15 SP2 (bsc#1178307) - dma-direct: add missing set_memory_decrypted() for coherent mapping (bsc#1175898, ECO-2743). - dma-direct: always align allocation size in dma_direct_alloc_pages() (bsc#1175898, ECO-2743). - dma-direct: atomic allocations must come from atomic coherent pools (bsc#1175898, ECO-2743). - dma-direct: check return value when encrypting or decrypting memory (bsc#1175898, ECO-2743). - dma-direct: consolidate the error handling in dma_direct_alloc_pages (bsc#1175898, ECO-2743). - dma-direct: make uncached_kernel_address more general (bsc#1175898, ECO-2743). - dma-direct: provide function to check physical memory area validity (bsc#1175898, ECO-2743). - dma-direct: provide mmap and get_sgtable method overrides (bsc#1175898, ECO-2743). - dma-direct: re-encrypt memory if dma_direct_alloc_pages() fails (bsc#1175898, ECO-2743). - dma-direct: remove __dma_direct_free_pages (bsc#1175898, ECO-2743). - dma-direct: remove the dma_handle argument to __dma_direct_alloc_pages (bsc#1175898, ECO-2743). - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes). - dmaengine: dmatest: Check list for emptiness before access its last entry (git-fixes). - dmaengine: dw: Activate FIFO-mode for memory peripherals only (git-fixes). - dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails (git-fixes). - dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all (git-fixes). - dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) (git-fixes). - dma-mapping: add a dma_can_mmap helper (bsc#1175898, ECO-2743). - dma-mapping: always use VM_DMA_COHERENT for generic DMA remap (bsc#1175898, ECO-2743). - dma-mapping: DMA_COHERENT_POOL should select GENERIC_ALLOCATOR (bsc#1175898, ECO-2743). - dma-mapping: make dma_atomic_pool_init self-contained (bsc#1175898, ECO-2743). - dma-mapping: merge the generic remapping helpers into dma-direct (bsc#1175898, ECO-2743). - dma-mapping: remove arch_dma_mmap_pgprot (bsc#1175898, ECO-2743). - dma-mapping: warn when coherent pool is depleted (bsc#1175898, ECO-2743). - dma-pool: add additional coherent pools to map to gfp mask (bsc#1175898, ECO-2743). - dma-pool: add pool sizes to debugfs (bsc#1175898, ECO-2743). - dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL (bsc#1175898, ECO-2743). - dma-pool: do not allocate pool memory from CMA (bsc#1175898, ECO-2743). - dma-pool: dynamically expanding atomic pools (bsc#1175898, ECO-2743). - dma-pool: Fix an uninitialized variable bug in atomic_pool_expand() (bsc#1175898, ECO-2743). - dma-pool: fix coherent pool allocations for IOMMU mappings (bsc#1175898, ECO-2743). - dma-pool: fix too large DMA pools on medium memory size systems (bsc#1175898, ECO-2743). - dma-pool: get rid of dma_in_atomic_pool() (bsc#1175898, ECO-2743). - dma-pool: introduce dma_guess_pool() (bsc#1175898, ECO-2743). - dma-pool: make sure atomic pool suits device (bsc#1175898, ECO-2743). - dma-pool: Only allocate from CMA when in same memory zone (bsc#1175898, ECO-2743). - dma-pool: scale the default DMA coherent pool size with memory capacity (bsc#1175898, ECO-2743). - dma-remap: separate DMA atomic pools from direct remap code (bsc#1175898, ECO-2743). - dm: Call proper helper to determine dax support (bsc#1177817). - dm/dax: Fix table reference counts (bsc#1178246). - docs: driver-api: remove a duplicated index entry (git-fixes). - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes). - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config (git-fixes). - drm/radeon: revert 'Prefer lower feedback dividers' (bsc#1177384). - drop Storage / bsc#1171688 subsection No effect on expanded tree. - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1152489). - eeprom: at25: set minimum read/write access stride to 1 (git-fixes). - exfat: fix name_hash computation on big endian systems (git-fixes). - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes). - exfat: fix possible memory leak in exfat_find() (git-fixes). - exfat: fix use of uninitialized spinlock on error path (git-fixes). - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes). - exfat: fix wrong size update of stream entry by typo (git-fixes). - extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips (git-fixes). - ftrace: Move RCU is watching check after recursion check (git-fixes). - fuse: do not ignore errors from fuse_writepages_fill() (bsc#1177193). - futex: Adjust absolute futex timeouts with per time namespace offset (bsc#1164648). - futex: Consistently use fshared as boolean (bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1149032). - futex: Remove put_futex_key() (bsc#1149032). - futex: Remove unused or redundant includes (bsc#1149032). - gpio: mockup: fix resource leak in error path (git-fixes). - gpio: rcar: Fix runtime PM imbalance on error (git-fixes). - gpio: siox: explicitly support only threaded irqs (git-fixes). - gpio: sprd: Clear interrupt when setting the type as edge (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24). - gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11). - HID: hid-input: fix stylus battery reporting (git-fixes). - HID: ite: Add USB id match for Acer One S1003 keyboard dock (git-fixes). - HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes). - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes). - hwmon: (applesmc) check status earlier (git-fixes). - hwmon: (mlxreg-fan) Fix double 'Mellanox' (git-fixes). - hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61} (git-fixes). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i2c: aspeed: Mask IRQ status to relevant bits (git-fixes). - i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() (git-fixes). - i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - i2c: i801: Exclude device from suspend direct complete optimization (git-fixes). - i2c: imx: Fix external abort on interrupt in exit paths (git-fixes). - i2c: meson: fix clock setting overwrite (git-fixes). - i2c: meson: fixup rate calculation with filter delay (git-fixes). - i2c: owl: Clear NACK and BUS error bits (git-fixes). - i2c: rcar: Auto select RESET_CONTROLLER (git-fixes). - i2c: tegra: Prevent interrupt triggering after transfer timeout (git-fixes). - i2c: tegra: Restore pinmux on system resume (git-fixes). - i3c: master add i3c_master_attach_boardinfo to preserve boardinfo (git-fixes). - i3c: master: Fix error return in cdns_i3c_master_probe() (git-fixes). - ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897). - ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes). - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes). - ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes). - ibmvnic: set up 200GBPS speed (bsc#1129923 git-fixes). - icmp: randomize the global rate limiter (git-fixes). - ida: Free allocated bitmap in error path (git-fixes). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes). - iio: adc: gyroadc: fix leak of device node iterator (git-fixes). - iio: adc: qcom-spmi-adc5: fix driver name (git-fixes). - iio: adc: stm32-adc: fix runtime autosuspend delay when slow polling (git-fixes). - iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes). - iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes). - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes). - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes). - iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes). - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes). - ima: Do not ignore errors from crypto_shash_update() (git-fixes). - ima: extend boot_aggregate with kernel measurements (bsc#1177617). - ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes). - Input: ati_remote2 - add missing newlines when printing module parameters (git-fixes). - Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes). - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (bsc#954532). - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes). - Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes). - Input: stmfts - fix a & vs && typo (git-fixes). - Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes). - Input: trackpoint - enable Synaptics trackpoints (git-fixes). - Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes). - iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177297). - iommu/amd: Fix potential @entry null deref (bsc#1177283). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177284). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177285). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177286). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1177739). - ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24). - ipmi_si: Fix wrong return value in try_smi_init() (git-fixes). - ipv4: Initialize flowi4_multipath_hash in data path (networking-stable-20_09_24). - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes). - ipv4: Update exception handling for multipath routes via same device (networking-stable-20_09_24). - ipv6: avoid lockdep issue in fib6_del() (networking-stable-20_09_24). - ipv6: Fix sysctl max for fib_multipath_hash_policy (networking-stable-20_09_11). - ipvlan: fix device features (networking-stable-20_08_24). - iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes). - kabi fix for NFS: Fix flexfiles read failover (git-fixes). - kABI: Fix kABI after add CodeSigning extended key usage (bsc#1177353). - kABI: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - kabi/severities: ignore kABI for target_core_rbd Match behaviour for all other Ceph specific modules. - kallsyms: Refactor kallsyms_show_value() to take cred (git-fixes). - kbuild: enforce -Werror=return-type (bsc#1177281). - kernel-binary.spec.in: Exclude .config.old from kernel-devel - use tar excludes for .kernel-binary.spec.buildenv - kernel-binary.spec.in: Package the obj_install_dir as explicit filelist. - KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (git-fixes). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - leds: mlxreg: Fix possible buffer overflow (git-fixes). - leds: mt6323: move period calculation (git-fixes). - libceph-add-support-for-CMPEXT-compare-extent-reques.patch: (bsc#1177090). - libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178177). - lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes). - lib/mpi: Add mpi_sub_ui() (bsc#1175718). - locking/rwsem: Disable reader optimistic spinning (bnc#1176588). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - mac80211: handle lack of sband->bitrates in rates (git-fixes). - mac80211: skip mpath lookup also for control port tx (git-fixes). - mac802154: tx: fix use-after-free (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - mailbox: avoid timer start from callback (git-fixes). - media: ati_remote: sanity check for both endpoints (git-fixes). - media: bdisp: Fix runtime PM imbalance on error (git-fixes). - media: camss: Fix a reference count leak (git-fixes). - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes). - media: exynos4-is: Fix a reference count leak (git-fixes). - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes). - media: firewire: fix memory leak (git-fixes). - media: i2c: ov5640: Enable data pins on poweron for DVP mode (git-fixes). - media: i2c: ov5640: Remain in power down for DVP mode unless streaming (git-fixes). - media: i2c: ov5640: Separate out mipi configuration from s_power (git-fixes). - media: imx274: fix frame interval handling (git-fixes). - media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes). - media: mc-device.c: fix memleak in media_device_register_entity (git-fixes). - media: media/pci: prevent memory leak in bttv_probe (git-fixes). - media: mx2_emmaprp: Fix memleak in emmaprp_probe (git-fixes). - media: omap3isp: Fix memleak in isp_probe (git-fixes). - media: ov5640: Correct Bit Div register in clock tree diagram (git-fixes). - media: platform: fcp: Fix a reference count leak (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes). - media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes). - media: rcar-csi2: Allocate v4l2_async_subdev dynamically (git-fixes). - media: rcar_drif: Allocate v4l2_async_subdev dynamically (git-fixes). - media: rcar_drif: Fix fwnode reference leak when parsing DT (git-fixes). - media: rcar-vin: Fix a reference count leak (git-fixes). - media: rc: do not access device via sysfs after rc_unregister_device() (git-fixes). - media: rc: uevent sysfs file races with rc_unregister_device() (git-fixes). - media: Revert 'media: exynos4-is: Add missed check for pinctrl_lookup_state()' (git-fixes). - media: rockchip/rga: Fix a reference count leak (git-fixes). - media: s5p-mfc: Fix a reference count leak (git-fixes). - media: saa7134: avoid a shift overflow (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: staging/intel-ipu3: css: Correctly reset some memory (git-fixes). - media: st-delta: Fix reference count leak in delta_run_work (git-fixes). - media: sti: Fix reference count leaks (git-fixes). - media: stm32-dcmi: Fix a reference count leak (git-fixes). - media: tc358743: cleanup tc358743_cec_isr (git-fixes). - media: tc358743: initialize variable (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - media: ti-vpe: Fix a missing check and reference count leak (git-fixes). - media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - media: usbtv: Fix refcounting mixup (git-fixes). - media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes). - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes). - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes). - media: uvcvideo: Set media controller entity functions (git-fixes). - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes). - media: v4l2-async: Document asd allocation requirements (git-fixes). - media: venus: core: Fix runtime PM imbalance in venus_probe (git-fixes). - media: vsp1: Fix runtime PM imbalance on error (git-fixes). - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes). - memory: omap-gpmc: Fix a couple off by ones (git-fixes). - memory: omap-gpmc: Fix build error without CONFIG_OF (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mfd: sm501: Fix leaks in probe() (git-fixes). - mic: vop: copy data to kernel space then write to io memory (git-fixes). - misc: mic: scif: Fix error handling path (git-fixes). - misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes). - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes). - mm: call cond_resched() from deferred_init_memmap() (git fixes (mm/init), bsc#1177697). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mmc: core: Rework wp-gpio handling (git-fixes). - mm, compaction: fully assume capture is not NULL in compact_zone_order() (git fixes (mm/compaction), bsc#1177681). - mm, compaction: make capture control handling safe wrt interrupts (git fixes (mm/compaction), bsc#1177681). - mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mmc: sdhci: Add LTR support for some Intel BYT based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes). - mm/debug.c: always print flags in dump_page() (git fixes (mm/debug)). - mm: do not panic when links can't be created in sysfs (bsc#1178002). - mm: do not rely on system state to detect hot-plug operations (bsc#1178002). - mm: fix a race during THP splitting (bsc#1178255). - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)). - mm: initialize deferred pages with interrupts enabled (git fixes (mm/init), bsc#1177697). - mm: madvise: fix vma user-after-free (git-fixes). - mm/memcontrol.c: lost css_put in memcg_expand_shrinker_maps() (bsc#1177694). - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)). - mm/migrate.c: also overwrite error when it is bigger than zero (git fixes (mm/move_pages), bsc#1177683). - mm: move_pages: report the number of non-attempted pages (git fixes (mm/move_pages), bsc#1177683). - mm: move_pages: return valid node id in status if the page is already on the target node (git fixes (mm/move_pages), bsc#1177683). - mm/pagealloc.c: call touch_nmi_watchdog() on max order boundaries in deferred init (git fixes (mm/init), bsc#1177697). - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)). - mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)). - mm: replace memmap_context by meminit_context (bsc#1178002). - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)). - mm, slab/slub: improve error reporting and overhead of cache_from_obj() (mm/slub bsc#1165692). - mm, slab/slub: move and improve cache_from_obj() (mm/slub bsc#1165692). - mm, slub: extend checks guarded by slub_debug static key (mm/slub bsc#1165692). - mm, slub: extend slub_debug syntax for multiple blocks (mm/slub bsc#1165692). - mm, slub: introduce kmem_cache_debug_flags() (mm/slub bsc#1165692). - mm, slub: introduce static key for slub_debug() (mm/slub bsc#1165692). - mm, slub: make reclaim_account attribute read-only (mm/slub bsc#1165692). - mm, slub: make remaining slub_debug related attributes read-only (mm/slub bsc#1165692). - mm, slub: make some slub_debug related attributes read-only (mm/slub bsc#1165692). - mm, slub: remove runtime allocation order changes (mm/slub bsc#1165692). - mm, slub: restore initial kmem_cache flags (mm/slub bsc#1165692). - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes). - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)). - module: Correctly truncate sysfs sections output (git-fixes). - module: Do not expose section addresses to non-CAP_SYSLOG (git-fixes). - module: Refactor section attr into bin attribute (git-fixes). - module: statically initialize init section freeing data (git-fixes). - Move upstreamed BT patch into sorted section - Move upstreamed intel-vbtn patch into sorted section - mt76: add missing locking around ampdu action (git-fixes). - mt76: clear skb pointers from rx aggregation reorder buffer during cleanup (git-fixes). - mt76: do not use devm API for led classdev (git-fixes). - mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw (git-fixes). - mt76: fix LED link time failure (git-fixes). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: lpddr: Fix bad logic in print_drs_error (git-fixes). - mtd: lpddr: fix excessive stack usage with clang (git-fixes). - mtd: mtdoops: Do not write panic data twice (git-fixes). - mtd: rawnand: gpmi: Fix runtime PM imbalance on error (git-fixes). - mtd: rawnand: omap_elm: Fix runtime PM imbalance on error (git-fixes). - mtd: rawnand: stm32_fmc2: fix a buffer overflow (git-fixes). - mtd: rawnand: vf610: disable clk on error handling path in probe (git-fixes). - mtd: spinand: gigadevice: Add QE Bit (git-fixes). - mtd: spinand: gigadevice: Only one dummy byte in QUADIO (git-fixes). - mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes). - mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes). - mwifiex: fix double free (git-fixes). - mwifiex: remove function pointer check (git-fixes). - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes). - net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group under RCU (networking-stable-20_09_24). - net/core: check length before updating Ethertype in skb_mpls_{push,pop} (git-fixes). - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (networking-stable-20_09_24). - net: disable netpoll on fresh napis (networking-stable-20_09_11). - net: dsa: b53: check for timeout (networking-stable-20_08_24). - net: dsa: rtl8366: Properly clear member config (networking-stable-20_09_24). - net: fec: correct the error path for regulator disable in probe (networking-stable-20_08_24). - net: Fix bridge enslavement failure (networking-stable-20_09_24). - net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24). - net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11). - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24). - netlabel: fix problems with mapping removal (networking-stable-20_09_11). - net: lantiq: Disable IRQs only if NAPI gets scheduled (networking-stable-20_09_24). - net: lantiq: Use napi_complete_done() (networking-stable-20_09_24). - net: lantiq: use netif_tx_napi_add() for TX NAPI (networking-stable-20_09_24). - net: lantiq: Wake TX queue again (networking-stable-20_09_24). - net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported (networking-stable-20_09_24). - net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported (networking-stable-20_09_24). - net/mlx5: Fix FTE cleanup (networking-stable-20_09_24). - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461). - net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24). - net: phy: Do not warn in phy_stop() on PHY_DOWN (networking-stable-20_09_24). - net: phy: realtek: fix rtl8211e rx/tx delay config (git-fixes). - net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24). - net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow (networking-stable-20_08_24). - net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant (networking-stable-20_09_24). - net: sctp: Fix negotiation of the number of data streams (networking-stable-20_08_24). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (networking-stable-20_08_24). - net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11). - net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11). - net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes). - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes). - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes). - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes). - nfp: use correct define to return NONE fec (networking-stable-20_09_24). - nfsd4: fix NULL dereference in nfsd/clients display code (git-fixes). - NFS: Do not move layouts to plh_return_segs list while in use (git-fixes). - NFS: Do not return layout segments that are in use (git-fixes). - nfs: ensure correct writeback errors are returned on close() (git-fixes). - NFS: Fix flexfiles read failover (git-fixes). - nfs: Fix security label length not being reset (bsc#1176381). - nfs: nfs_file_write() should check for writeback errors (git-fixes). - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes). - nl80211: fix non-split wiphy information (git-fixes). - NTB: hw: amd: fix an issue about leak system resources (git-fixes). - ntb: intel: Fix memleak in intel_ntb_pci_probe (git-fixes). - nvme-multipath: retry commands for dying queues (bsc#1171688). - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748). - nvme-rdma: fix crash when connect rejected (bsc#1174748). - overflow: Include header file with SIZE_MAX declaration (git-fixes). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - PCI: aardvark: Check for errors from pci_bridge_emul_init() call (git-fixes). - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes). - PCI: Avoid double hpmemsize MMIO window assignment (git-fixes). - PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - PCI: tegra194: Fix runtime PM imbalance on error (git-fixes). - PCI: tegra: Fix runtime PM imbalance on error (git-fixes). - percpu: fix first chunk size calculation for populated bitmap (git-fixes (mm/percpu)). - perf/x86/amd: Fix sampling Large Increment per Cycle events (bsc#1152489). - perf/x86: Fix n_pair for cancelled txn (bsc#1152489). - phy: ti: am654: Fix a leak in serdes_am654_probe() (git-fixes). - pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB (git-fixes). - pinctrl: mcp23s08: Fix mcp23x17 precious range (git-fixes). - pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification. - PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification (bsc#1177353). - Platform: OLPC: Fix memleak in olpc_ec_probe (git-fixes). - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes). - platform/x86: fix kconfig dependency warning for LG_LAPTOP (git-fixes). - platform/x86: intel_pmc_core: do not create a static struct device (git-fixes). - platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting (bsc#1175599). - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes). - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes). - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes). - PM: hibernate: Batch hibernate and resume IO requests (bsc#1178079). - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes). - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes). - pNFS/flexfiles: Ensure we initialise the mirror bsizes correctly on read (git-fixes). - powerpc/book3s64/radix: Make radix_mem_block_size 64bit (bsc#1055186 ltc#153436 git-fixes). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729). - powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729). - powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729). - powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729). - powerpc/papr_scm: Fix warning triggered by perf_stats_show() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729). - powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729). - powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729). - powerpc/pseries: Avoid using addr_to_pfn in real mode (jsc#SLE-9246 git-fixes). - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes). - powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729). - power: supply: bq27xxx: report 'not charging' on all types (git-fixes). - power: supply: max17040: Correct voltage reading (git-fixes). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - pwm: img: Fix null pointer access in probe (git-fixes). - pwm: lpss: Add range limit check for the base_unit register value (git-fixes). - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes). - qla2xxx: Return EBUSY on fcport deletion (bsc#1171688). - qtnfmac: fix resource leaks on unsupported iftype error return path (git-fixes). - r8169: fix data corruption issue on RTL8402 (bsc#1174098). - r8169: fix issue with forced threading in combination with shared interrupts (git-fixes). - r8169: fix operation under forced interrupt threading (git-fixes). - rapidio: fix the missed put_device() for rio_mport_add_riodev (git-fixes). - rbd-add-rbd_img_fill_cmp_and_write_from_bvecs.patch: (bsc#1177090). - rbd-add-support-for-COMPARE_AND_WRITE-CMPEXT.patch: (bsc#1177090). - RDMA/hfi1: Correct an interlock issue for TID RDMA WRITE request (bsc#1175621). - Refresh patches.suse/fnic-to-not-call-scsi_done-for-unhandled-commands.patch (bsc#1168468, bsc#1171675). - regulator: axp20x: fix LDO2/4 description (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: resolve supply after creating regulator (git-fixes). - rename Other drivers / Intel IOMMU subsection to IOMMU - reset: sti: reset-syscfg: fix struct description warnings (git-fixes). - ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes). - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - rtc: ds1374: fix possible race condition (git-fixes). - rtc: rx8010: do not modify the global rtc ops (git-fixes). - rtc: sa1100: fix possible race condition (git-fixes). - rtl8xxxu: prevent potential memory leak (git-fixes). - rtw88: increse the size of rx buffer size (git-fixes). - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177799 LTC#188733). - s390/dasd: Fix zero write for FBA devices (bsc#1177801 LTC#188735). - s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - sched/fair: Ignore cache hotness for SMT migration (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Use dst group while checking imbalance for NUMA balancer (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/numa: Avoid creating large imbalances at task creation time (bnc#1176588). - sched/numa: Check numa balancing information only when enabled (bnc#1176588). - sched/numa: Use runnable_avg to classify node (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729). - scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA allocations (bsc#1175898, ECO-2743). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add SLER and PI control support (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix memory size truncation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Performance tweak (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1171688 bsc#1174003). - sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11). - selftests/timers: Turn off timeout setting (git-fixes). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - serial: uartps: Wait for tx_empty in console setup (git-fixes). - slimbus: core: check get_addr before removing laddr ida (git-fixes). - slimbus: core: do not enter to clock pause mode in core (git-fixes). - slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback (git-fixes). - soc: fsl: qbman: Fix return value on success (git-fixes). - spi: dw-pci: free previously allocated IRQs if desc->setup() fails (git-fixes). - spi: fsl-espi: Only process interrupts for expected events (git-fixes). - spi: omap2-mcspi: Improve performance waiting for CHSTAT (git-fixes). - spi: spi-s3c64xx: Check return values (git-fixes). - spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath() (git-fixes). - spi: sprd: Release DMA channel also on probe deferral (git-fixes). - spi: stm32: Rate-limit the 'Communication suspended' message (git-fixes). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair 'fixed-link' support (git-fixes). - staging:r8188eu: avoid skb_clone for amsdu to msdu conversion (git-fixes). - staging: rtl8192u: Do not use GFP_KERNEL in atomic context (git-fixes). - SUNRPC: Revert 241b1f419f0e ('SUNRPC: Remove xdr_buf_trim()') (git-fixes). - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (git-fixes). - taprio: Fix allowing too small intervals (networking-stable-20_09_24). - target-compare-and-write-backend-driver-sense-handli.patch: (bsc#1177719). - target-rbd-add-emulate_legacy_capacity-dev-attribute.patch: (bsc#1177109). - target-rbd-add-WRITE-SAME-support.patch: (bsc#1177090). - target-rbd-conditionally-fix-off-by-one-bug-in-get_b.patch: (bsc#1177109). - target-rbd-detect-stripe_unit-SCSI-block-size-misali.patch: (bsc#1177090). - target-rbd-fix-unmap-discard-block-size-conversion.patch: (bsc#1177271). - target-rbd-fix-unmap-handling-with-unmap_zeroes_data.patch: (bsc#1177271). - target-rbd-support-COMPARE_AND_WRITE.patch: (bsc#1177090). - thermal: rcar_thermal: Handle probe error gracefully (git-fixes). - time: Prevent undefined behaviour in timespec64_to_ns() (bsc#1164648). - tipc: fix memory leak caused by tipc_buf_append() (git-fixes). - tipc: Fix memory leak in tipc_group_create_member() (networking-stable-20_09_24). - tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11). - tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24). - tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes). - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24). - tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24). - tracing: Check return value of __create_val_fields() before using its result (git-fixes). - tracing: Save normal string variables (git-fixes). - tty: ipwireless: fix error handling (git-fixes). - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes). - uio: free uio id after uio file node is freed (git-fixes). - Update config files. Enable ACPI_PCI_SLOT and HOTPLUG_PCI_ACPI (bsc#1177194). - Update patches.suse/target-add-rbd-backend.patch: (). (simplify block to byte calculations and use consistent error paths) - USB: adutux: fix debugging (git-fixes). - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes). - usb: cdc-acm: fix cooldown mechanism (git-fixes). - USB: cdc-acm: handle broken union descriptors (git-fixes). - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes). - usb: core: Solve race condition in anchor cleanup functions (git-fixes). - usb: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes). - usb: dwc2: Fix parameter type in function pointer prototype (git-fixes). - usb: dwc3: core: add phy cleanup for probe error handling (git-fixes). - usb: dwc3: core: do not trigger runtime pm when remove driver (git-fixes). - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes). - usb: dwc3: gadget: Resume pending requests after CLEAR_STALL (git-fixes). - usb: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - usb: dwc3: pci: Allow Elkhart Lake to utilize DSM method for PM functionality (git-fixes). - usb: dwc3: simple: add support for Hikey 970 (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes). - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - usb: gadget: function: printer: fix use-after-free in __lock_acquire (git-fixes). - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes). - usblp: fix race between disconnect() and read() (git-fixes). - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - usb: ohci: Default to per-port over-current protection (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - USB: serial: qcserial: fix altsetting probing (git-fixes). - usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - usb: xhci-mtk: Fix typo (git-fixes). - usb: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes). - vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#1176979). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - virtio-net: do not disable guest csum when disable LRO (git-fixes). - VMCI: check return value of get_user_pages_fast() for errors (git-fixes). - vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes). - w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes). - watchdog: Fix memleak in watchdog_cdev_register (git-fixes). - watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3 (git-fixes). - watchdog: Use put_device on error (git-fixes). - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes). - wlcore: fix runtime pm imbalance in wl1271_tx_work (git-fixes). - wlcore: fix runtime pm imbalance in wlcore_regdomain_config (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1177755). - writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755). - writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755). - X.509: Add CodeSigning extended key usage parsing (bsc#1177353). - x86/alternative: Do not call text_poke() in lazy TLB mode (bsc#1175749). - x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1152489). - x86/ioapic: Unbreak check_timer() (bsc#1152489). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1177765). - x86/mm: unencrypted non-blocking DMA allocations use coherent pools (bsc#1175898, ECO-2743). - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1176907). - x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/gntdev.c: Mark pages as dirty (bsc#1065600). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pvcallsback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix high key handling in the rt allocator's query_range function (git-fixes). - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes). - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: force the log after remapping a synchronous-writes file (git-fixes). - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166). - xfs: limit entries returned when counting fsmap records (git-fixes). - xfs: remove unused variable 'done' (bsc#1166166). - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes). - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166). - xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes). - xprtrdma: fix incorrect header size calculations (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). Important SUSE bug 1055014 SUSE bug 1055186 SUSE bug 1061843 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066382 SUSE bug 1077428 SUSE bug 1129923 SUSE bug 1134760 SUSE bug 1149032 SUSE bug 1152489 SUSE bug 1155798 SUSE bug 1163592 SUSE bug 1164648 SUSE bug 1165692 SUSE bug 1166146 SUSE bug 1166166 SUSE bug 1167030 SUSE bug 1168468 SUSE bug 1170415 SUSE bug 1171675 SUSE bug 1171688 SUSE bug 1174003 SUSE bug 1174098 SUSE bug 1174748 SUSE bug 1174969 SUSE bug 1175052 SUSE bug 1175306 SUSE bug 1175599 SUSE bug 1175621 SUSE bug 1175718 SUSE bug 1175721 SUSE bug 1175749 SUSE bug 1175807 SUSE bug 1175898 SUSE bug 1176019 SUSE bug 1176354 SUSE bug 1176381 SUSE bug 1176400 SUSE bug 1176485 SUSE bug 1176588 SUSE bug 1176713 SUSE bug 1176907 SUSE bug 1176979 SUSE bug 1177086 SUSE bug 1177090 SUSE bug 1177109 SUSE bug 1177121 SUSE bug 1177193 SUSE bug 1177194 SUSE bug 1177206 SUSE bug 1177258 SUSE bug 1177271 SUSE bug 1177281 SUSE bug 1177283 SUSE bug 1177284 SUSE bug 1177285 SUSE bug 1177286 SUSE bug 1177297 SUSE bug 1177353 SUSE bug 1177384 SUSE bug 1177410 SUSE bug 1177411 SUSE bug 1177470 SUSE bug 1177511 SUSE bug 1177617 SUSE bug 1177681 SUSE bug 1177683 SUSE bug 1177687 SUSE bug 1177694 SUSE bug 1177697 SUSE bug 1177719 SUSE bug 1177724 SUSE bug 1177725 SUSE bug 1177726 SUSE bug 1177739 SUSE bug 1177749 SUSE bug 1177750 SUSE bug 1177754 SUSE bug 1177755 SUSE bug 1177765 SUSE bug 1177766 SUSE bug 1177799 SUSE bug 1177801 SUSE bug 1177814 SUSE bug 1177817 SUSE bug 1177854 SUSE bug 1177855 SUSE bug 1177856 SUSE bug 1177861 SUSE bug 1178002 SUSE bug 1178079 SUSE bug 1178123 SUSE bug 1178166 SUSE bug 1178173 SUSE bug 1178175 SUSE bug 1178176 SUSE bug 1178177 SUSE bug 1178183 SUSE bug 1178184 SUSE bug 1178185 SUSE bug 1178186 SUSE bug 1178190 SUSE bug 1178191 SUSE bug 1178246 SUSE bug 1178255 SUSE bug 1178307 SUSE bug 1178330 SUSE bug 1178393 SUSE bug 1178395 SUSE bug 1178461 SUSE bug 1178579 SUSE bug 1178581 SUSE bug 1178584 SUSE bug 1178585 SUSE bug 802154 SUSE bug 954532 CVE-2020-12351 CVE-2020-12352 CVE-2020-14351 CVE-2020-16120 CVE-2020-24490 CVE-2020-25212 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25704 CVE-2020-25705 CVE-2020-8694 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for neomutt fixes the following issues: Update neomutt to 20201120. Address boo#1179035, CVE-2020-28896. * Security - imap: close connection on all failures * Features - alias: add function to Alias/Query dialogs - config: add validators for {imap,smtp,pop}_authenticators - config: warn when signature file is missing or not readable - smtp: support for native SMTP LOGIN auth mech - notmuch: show originating folder in index * Bug Fixes - sidebar: prevent the divider colour bleeding out - sidebar: fix <sidebar-{next,prev}-new> - notmuch: fix query for current email - restore shutdown-hook functionality - crash in reply-to - user-after-free in folder-hook - fix some leaks - fix application of limits to modified mailboxes - write Date header when postponing * Translations - 100% Lithuanian - 100% Czech - 70% Turkish * Docs - Document that $sort_alias affects the query menu * Build - improve ASAN flags - add SASL and S/MIME to --everything - fix contrib (un)install * Code - my_hdr compose screen notifications - add contracts to the MXAPI - maildir refactoring - further reduce the use of global variables * Upstream - Add $count_alternatives to count attachments inside alternatives - Changes from 20200925 * Features - Compose: display user-defined headers - Address Book / Query: live sorting - Address Book / Query: patterns for searching - Config: Add '+=' and '-=' operators for String Lists - Config: Add '+=' operator for Strings - Allow postfix query ':setenv NAME?' for env vars * Bug Fixes - Fix crash when searching with invalid regexes - Compose: Prevent infinite loop of send2-hooks - Fix sidebar on new/removed mailboxes - Restore indentation for named mailboxes - Prevent half-parsing an alias - Remove folder creation prompt for POP path - Show error if $message_cachedir doesn't point to a valid directory - Fix tracking LastDir in case of IMAP paths with Unicode characters - Make sure all mail gets applied the index limit - Add warnings to -Q query CLI option - Fix index tracking functionality * Changed Config - Add $compose_show_user_headers (yes) * Translations - 100% Czech - 100% Lithuanian - Split up usage strings * Build - Run shellcheck on hcachever.sh - Add the Address Sanitizer - Move compose files to lib under compose/ - Move address config into libaddress - Update to latest acutest - fixes a memory leak in the unit tests * Code - Implement ARRAY API - Deglobalised the Config Sort functions - Refactor the Sidebar to be Event-Driven - Refactor the Color Event - Refactor the Commands list - Make ctx_update_tables private - Reduce the scope/deps of some Validator functions - Use the Email's IMAP UID instead of an increasing number as index - debug: log window focus - Removed neomutt-sidebar-abbreviate-shorten-what-user-sees.patch. No longer needed. - Update to 20200821: * Bug Fixes - fix maildir flag generation - fix query notmuch if file is missing - notmuch: don't abort sync on error - fix type checking for send config variables * Changed Config - $sidebar_format - Use %D rather than %B for named mailboxes * Translations - 96% Lithuanian - 90% Polish - fix(sidebar): abbreviate/shorten what user sees - Fix sidebar mailbox name display problem. - Update to 20200814: * Notes - Add one-liner docs to config items See: neomutt -O -Q smart_wrap - Remove the built-in editor A large unused and unusable feature * Security - Add mitigation against DoS from thousands of parts boo#1179113 * Features - Allow index-style searching in postpone menu - Open NeoMutt using a mailbox name - Add cd command to change the current working directory - Add tab-completion menu for patterns - Allow renaming existing mailboxes - Check for missing attachments in alternative parts - Add one-liner docs to config items * Bug Fixes - Fix logic in checking an empty From address - Fix Imap crash in cmd_parse_expunge() - Fix setting attributes with S-Lang - Fix: redrawing of $pager_index_lines - Fix progress percentage for syncing large mboxes - Fix sidebar drawing in presence of indentation + named mailboxes - Fix retrieval of drafts when 'postponed' is not in the mailboxes list - Do not add comments to address group terminators - Fix alias sorting for degenerate addresses - Fix attaching emails - Create directories for nonexistent file hcache case - Avoid creating mailboxes for failed subscribes - Fix crash if rejecting cert * Changed Config - Add $copy_decode_weed, $pipe_decode_weed, $print_decode_weed - Change default of $crypt_protected_headers_subject to '...' - Add default keybindings to history-up/down * Translations - 100% Czech - 100% Spanish * Build - Allow building against Lua 5.4 - Fix when sqlite3.h is missing * Docs - Add a brief section on stty to the manual - Update section 'Terminal Keybindings' in the manual - Clarify PGP Pseudo-header S<id> duration * Code - Clean up String API - Make the Sidebar more independent - De-centralise the Config Variables - Refactor dialogs - Refactor: Help Bar generation - Make more APIs Context-free - Adjust the edata use in Maildir and Notmuch - Window refactoring - Convert libsend to use Config functions - Refactor notifications to reduce noise - Convert Keymaps to use STAILQ - Track currently selected email by msgid - Config: no backing global variable - Add events for key binding * Upstream - Fix imap postponed mailbox use-after-free error - Speed up thread sort when many long threads exist - Fix ~v tagging when switching to non-threaded sorting - Add message/global to the list of known 'message' types - Print progress meter when copying/saving tagged messages - Remove ansi formatting from autoview generated quoted replies - Change postpone mode to write Date header too - Unstuff format=flowed - Update to 20200626: * Bug Fixes - Avoid opening the same hcache file twice - Re-open Mailbox after folder-hook - Fix the matching of the spoolfile Mailbox - Fix link-thread to link all tagged emails * Changed Config - Add $tunnel_is_secure config, defaulting to true * Upstream - Don't check IMAP PREAUTH encryption if $tunnel is in use - Add recommendation to use $ssl_force_tls - Changes from 20200501: * Security - Abort GnuTLS certificate check if a cert in the chain is rejected CVE-2020-14154 boo#1172906 - TLS: clear data after a starttls acknowledgement CVE-2020-14954 boo#1173197 - Prevent possible IMAP MITM via PREAUTH response CVE-2020-14093 boo#1172935 * Features - add config operations +=/-= for number,long - Address book has a comment field - Query menu has a comment field * Contrib sample.neomuttrc-starter: Do not echo prompted password * Bug Fixes - make 'news://' and 'nntp://' schemes interchangeable - Fix CRLF to LF conversion in base64 decoding - Double comma in query - compose: fix redraw after history - Crash inside empty query menu - mmdf: fix creating new mailbox - mh: fix creating new mailbox - mbox: error out when an mbox/mmdf is a pipe - Fix list-reply by correct parsing of List-Post headers - Decode references according to RFC2047 - fix tagged message count - hcache: fix keylen not being considered when building the full key - sidebar: fix path comparison - Don't mess with the original pattern when running IMAP searches - Handle IMAP 'NO' resps by issuing a msg instead of failing badly - imap: use the connection delimiter if provided - Memory leaks * Changed Config - $alias_format default changed to include %c comment - $query_format default changed to include %e extra info * Translations - 100% Lithuanian - 84% French - Log the translation in use * Docs - Add missing commands unbind, unmacro to man pages * Build - Check size of long using LONG_MAX instead of __WORDSIZE - Allow ./configure to not record cflags - fix out-of-tree build - Avoid locating gdbm symbols in qdbm library * Code - Refactor unsafe TAILQ returns - add window notifications - flip negative ifs - Update to latest acutest.h - test: add store tests - test: add compression tests - graphviz: email - make more opcode info available - refactor: main_change_folder() - refactor: mutt_mailbox_next() - refactor: generate_body() - compress: add {min,max}_level to ComprOps - emphasise empty loops: '// do nothing' - prex: convert is_from() to use regex - Refactor IMAP's search routines - Update to 20200501: * Bug Fixes - Make sure buffers are initialized on error - fix(sidebar): use abbreviated path if possible * Translations - 100% Lithuanian * Docs - make header cache config more explicit - Changes from 20200424: * Bug Fixes - Fix history corruption - Handle pretty much anything in a URL query part - Correctly parse escaped characters in header phrases - Fix crash reading received header - Fix sidebar indentation - Avoid crashing on failure to parse an IMAP mailbox - Maildir: handle deleted emails correctly - Ensure OP_NULL is always first * Translations - 100% Czech * Build - cirrus: enable pcre2, make pkgconf a special case - Fix finding pcre2 w/o pkgconf - build: tdb.h needs size_t, bring it in with stddef.h - Changes from 20200417: * Features - Fluid layout for Compose Screen, see: vimeo.com/407231157 - Trivial Database (TDB) header cache backend - RocksDB header cache backend - Add <sidebar-first> and <sidebar-last> functions * Bug Fixes - add error for CLI empty emails - Allow spaces and square brackets in paths - browser: fix hidden mailboxes - fix initial email display - notmuch: fix time window search. - fix resize bugs - notmuch: fix entire-thread: update current email pointer - sidebar: support indenting and shortening of names - Handle variables inside backticks in sidebar_whitelist - browser: fix mask regex error reporting * Translations - 100% Lithuanian - 99% Chinese (simplified) * Build - Use regexes for common parsing tasks: urls, dates - Add configure option --pcre2 -- Enable PCRE2 regular expressions - Add configure option --tdb -- Use TDB for the header cache - Add configure option --rocksdb -- Use RocksDB for the header cache - Create libstore (key/value backends) - Update to latest autosetup - Update to latest acutest.h - Rename doc/ directory to docs/ - make: fix location of .Po dependency files - Change libcompress to be more universal - Fix test fails on х32 - fix uidvalidity to unsigned 32-bit int * Code - Increase test coverage - Fix memory leaks - Fix null checks * Upstream - Buffer refactoring - Fix use-after-free in mutt_str_replace() - Clarify PGP Pseudo-header S<id> duration - Try to respect MUTT_QUIET for IMAP contexts too - Limit recurse depth when parsing mime messages - Update to 20200320: * Bug Fixes - Fix COLUMNS env var - Fix sync after delete - Fix crash in notmuch - Fix sidebar indent - Fix emptying trash - Fix command line sending - Fix reading large address lists - Resolve symlinks only when necessary * Translations - lithuania 100% Lithuanian - es 96% Spanish * Docs - Include OpenSSL/LibreSSL/GnuTLS version in neomutt -v output - Fix case of GPGME and SQLite * Build - Create libcompress (lz4, zlib, zstd) - Create libhistory - Create libbcache - Move zstrm to libconn * Code - Add more test coverage - Rename magic to type - Use mutt_file_fopen() on config variables - Change commands to use intptr_t for data - Update to 20200313: * Window layout - Sidebar is only visible when it's usable. * Features - UI: add number of old messages to sidebar_format - UI: support ISO 8601 calendar date - UI: fix commands that don’t need to have a non-empty mailbox to be valid - PGP: inform about successful decryption of inline PGP messages - PGP: try to infer the signing key from the From address - PGP: enable GPGMe by default - Notmuch: use query as name for vfolder-from-query - IMAP: add network traffic compression (COMPRESS=DEFLATE, RFC4978) - Header cache: add support for generic header cache compression * Bug Fixes - Fix uncollapse_jump - Only try to perform entire-thread on maildir/mh mailboxes - Fix crash in pager - Avoid logging single new lines at the end of header fields - Fix listing mailboxes - Do not recurse a non-threaded message - Fix initial window order - Fix leaks on IMAP error paths - Notmuch: compose(attach-message): support notmuch backend - Fix IMAP flag comparison code - Fix $move for IMAP mailboxes - Maildir: maildir_mbox_check_stats should only update mailbox stats if requested - Fix unmailboxes for virtual mailboxes - Maildir: sanitize filename before hashing - OAuth: if 'login' name isn't available use 'user' - Add error message on failed encryption - Fix a bunch of crashes - Force C locale for email date - Abort if run without a terminal * Changed Config - $crypt_use_gpgme - Now defaults to 'yes' (enabled) - $abort_backspace - Hitting backspace against an empty prompt aborts the prompt - $abort_key - String representation of key to abort prompts - $arrow_string - Use an custom string for arrow_cursor - $crypt_opportunistic_encrypt_strong_keys - Enable encryption only when strong a key is available - $header_cache_compress_dictionary - Filepath to dictionary for zstd compression - $header_cache_compress_level - Level of compression for method - $header_cache_compress_method - Enable generic hcache database compression - $imap_deflate - Compress network traffic - $smtp_user - Username for the SMTP server * Translations - 100% Lithuanian - 81% Spanish - 78% Russian * Build - Add libdebug - Rename public headers to lib.h - Create libcompress for compressed folders code * Code - Refactor Windows and Dialogs - Lots of code tidying - Refactor: mutt_addrlist_{search,write} - Lots of improvements to the Config code - Use Buffers more pervasively - Unify API function naming - Rename library shared headers - Refactor libconn gui dependencies - Refactor: init.[ch] - Refactor config to use subsets - Config: add path type - Remove backend deps from the connection code * Upstream - Allow ~b ~B ~h patterns in send2-hook - Rename smime oppenc mode parameter to get_keys_by_addr() - Add $crypt_opportunistic_encrypt_strong_keys config var - Fix crash when polling a closed ssl connection - Turn off auto-clear outside of autocrypt initialization - Add protected-headers='v1' to Content-Type when protecting headers - Fix segv in IMAP postponed menu caused by reopen_allow - Adding ISO 8601 calendar date - Fix $fcc_attach to not prompt in batch mode - Convert remaining mutt_encode_path() call to use struct Buffer - Fix rendering of replacement_char when Charset_is_utf8 - Update to latest acutest.h - Update to 20191207: * Features: - compose: draw status bar with highlights * Bug Fixes: - crash opening notmuch mailbox - crash in mutt_autocrypt_ui_recommendation - Avoid negative allocation - Mbox new mail - Setting of DT_MAILBOX type variables from Lua - imap: empty cmdbuf before connecting - imap: select the mailbox on reconnect - compose: fix attach message * Build: - make files conditional * Code: - enum-ify log levels - fix function prototypes - refactor virtual email lookups - factor out global Context - Changes from 20191129: * Features: - Add raw mailsize expando (%cr) * Bug Fixes: - Avoid double question marks in bounce confirmation msg - Fix bounce confirmation - fix new-mail flags and behaviour - fix: browser <descend-directory> - fix ssl crash - fix move to trash - fix flickering - Do not check hidden mailboxes for new mail - Fix new_mail_command notifications - fix crash in examine_mailboxes() - fix crash in mutt_sort_threads() - fix: crash after sending - Fix crash in tunnel's conn_close - fix fcc for deep dirs - imap: fix crash when new mail arrives - fix colour 'quoted9' - quieten messages on exit - fix: crash after failed mbox_check - browser: default to a file/dir view when attaching a file * Changed Config: - Change $write_bcc to default off * Docs: - Add a bit more documentation about sending - Clarify $write_bcc documentation. - Update documentation for raw size expando - docbook: set generate.consistent.ids to make generated html reproducible * Build: - fix build/tests for 32-bit arches - tests: fix test that would fail soon - tests: fix context for failing idna tests - Update to 20191111: Bug fixes: * browser: fix directory view * fix crash in mutt_extract_token() * force a screen refresh * fix crash sending message from command line * notmuch: use nm_default_uri if no mailbox data * fix forward attachments * fix: vfprintf undefined behaviour in body_handler * Fix relative symlink resolution * fix: trash to non-existent file/dir * fix re-opening of mbox Mailboxes * close logging as late as possible * log unknown mailboxes * fix crash in command line postpone * fix memory leaks * fix icommand parsing * fix new mail interaction with mail_check_recent Moderate SUSE bug 1172906 SUSE bug 1172935 SUSE bug 1173197 SUSE bug 1179035 SUSE bug 1179113 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 CVE-2020-28896 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libssh2_org fixes the following issues: - Version update to 1.9.0: [bsc#1178083, jsc#SLE-16922] Enhancements and bugfixes: * adds ECDSA keys and host key support when using OpenSSL * adds ED25519 key and host key support when using OpenSSL 1.1.1 * adds OpenSSH style key file reading * adds AES CTR mode support when using WinCNG * adds PEM passphrase protected file support for Libgcrypt and WinCNG * adds SHA256 hostkey fingerprint * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() * adds explicit zeroing of sensitive data in memory * adds additional bounds checks to network buffer reads * adds the ability to use the server default permissions when creating sftp directories * adds support for building with OpenSSL no engine flag * adds support for building with LibreSSL * increased sftp packet size to 256k * fixed oversized packet handling in sftp * fixed building with OpenSSL 1.1 * fixed a possible crash if sftp stat gets an unexpected response * fixed incorrect parsing of the KEX preference string value * fixed conditional RSA and AES-CTR support * fixed a small memory leak during the key exchange process * fixed a possible memory leak of the ssh banner string * fixed various small memory leaks in the backends * fixed possible out of bounds read when parsing public keys from the server * fixed possible out of bounds read when parsing invalid PEM files * no longer null terminates the scp remote exec command * now handle errors when diffie hellman key pair generation fails * improved building instructions * improved unit tests - Version update to 1.8.2: [bsc#1130103] Bug fixes: * Fixed the misapplied userauth patch that broke 1.8.1 * moved the MAX size declarations from the public header This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1130103 SUSE bug 1178083 CVE-2019-17498 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.15 fixes the following issues: - go1.15.5 (released 2020-11-12) includes security fixes to the cmd/go and math/big packages. * go#42553 math/big: panic during recursive division of very large numbers (bsc#1178750 CVE-2020-28362) * go#42560 cmd/go: arbitrary code can be injected into cgo generated files (bsc#1178752 CVE-2020-28367) * go#42557 cmd/go: improper validation of cgo flags can lead to remote code execution at build time (bsc#1178753 CVE-2020-28366) * go#42169 cmd/compile, runtime, reflect: pointers to go:notinheap types must be stored indirectly in interfaces * go#42151 cmd/cgo: opaque struct pointers are broken since Go 1.15.3 * go#42138 time: Location interprets wrong timezone (DST) with slim zoneinfo * go#42113 x/net/http2: the first write error on a connection will cause all subsequent write requests to fail blindly * go#41914 net/http: request.Clone doesn't deep copy TransferEncoding * go#41704 runtime: macOS syscall.Exec can get SIGILL due to preemption signal * go#41463 compress/flate: deflatefast produces corrupted output * go#41387 x/net/http2: connection-level flow control not returned if stream errors, causes server hang * go#40974 cmd/link: sectionForAddress(0xA9D67F) address not in any section file Moderate SUSE bug 1175132 SUSE bug 1178750 SUSE bug 1178752 SUSE bug 1178753 CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1179035 SUSE bug 1179113 CVE-2020-28896 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Fixed various issues discovered by fuzzing: - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515): This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1172515 SUSE bug 1176315 CVE-2020-17507 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1174908 SUSE bug 1177596 CVE-2020-14360 CVE-2020-25712 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1176262 SUSE bug 1179193 CVE-2019-20916 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for minidlna fixes the following issues: minidlna was updated to version 1.3.0 (boo#1179447) - Fixed some build warnings when building with musl. - Use $USER instead of $LOGNAME for the default friendly name. - Fixed build with GCC 10 - Fixed some warnings from newer compilers - Disallow negative HTTP chunk lengths. [CVE-2020-28926] - Validate SUBSCRIBE callback URL. [CVE-2020-12695] - Fixed spurious warnings with ogg coverart - Fixed an issue with VLC where browse results would be truncated. - Fixed bookmarks on Samsung Q series - Added DSD file support. - Fixed potential stack smash vulnerability in getsyshwaddr on macOS. - Will now reload the log file on SIGHUP. - Worked around bad SearchCriteria from the Control4 Android app. - Increased max supported network addresses to 8. - Added forced alphasort capability. - Added episode season and number metadata support. - Enabled subtitles by default for unknown DLNA clients, and add enable_subtitles config option. - Fixed discovery when connected to certain WiFi routers. - Added FreeBSD kqueue support. - Added the ability to set the group to run as. Moderate SUSE bug 1179447 CVE-2020-12695 CVE-2020-28926 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-29369: There was a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 bnc#1179432). - CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c, where uninitialized memory could leak to userspace, aka CID-bcf85fcedfdd (bnc#1179429). - CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141). - CVE-2020-25705: A flaw in the way reply ICMP packets are limited was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions may be vulnerable to this issue (bnc#1175721 bnc#1178782). - CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allowed local users to cause a denial of service by using the p->serial_in pointer which uninitialized (bnc#1179140). - CVE-2020-27777: Restricted RTAS requests from userspace (bsc#1179107). - CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589). - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666). - CVE-2020-28941: Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once (bnc#1178740). - CVE-2020-28915: A buffer over-read (at the framebuffer layer) in the fbcon code could be used by local attackers to read kernel memory, aka CID-6735b4632def (bnc#1178886). - CVE-2020-25669: Avoid a use-after-free in teardown paths in sunkbd (bsc#1178182). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes). - ACPI: dock: fix enum-conversion warning (git-fixes). - ACPICA: Add NHLT table signature (bsc#1176200). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes). - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes). - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - Add bug reference to two hv_netvsc patches (bsc#1178853). - Convert trailing spaces and periods in path components (bsc#1179424). - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076). - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64. - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001). - EDAC/amd64: Gather hardware information early (bsc#1179001). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001). - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001). - EDAC/amd64: Save max number of controllers to family type (bsc#1179001). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001). - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module. - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes). - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180). - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180). - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449). - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449). - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449). - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449). - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464). - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215). - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes). - Revert 'cdc-acm: hardening against malicious devices' (git-fixes). - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes). - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes). - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: core: Change %pK for __user pointers to %px (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes). - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes). - arm64: bpf: Fix branch offset in JIT (git-fixes). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes). - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes). - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes). - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes). - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes). - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes). - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes). - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274). - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274). - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes). - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518). - bpf: Zero-fill re-used per-cpu map element (bsc#1155518). - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217). - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217). - btrfs: fix relocation failure due to race with fallocate (bsc#1179217). - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217). - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217). - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217). - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: flexcan: flexcan_setup_stop_mode(): add missing 'req_bit' to stop mode property comment (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179012). - ceph: check session state after bumping session->s_seq (bsc#1179012). - ceph: check the sesion state and return false in case it is closed (bsc#1179012). - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cfg80211: initialize wdev data earlier (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - cifs: remove bogus debug code (bsc#1179427). - clk: define to_clk_regmap() as inline function (git-fixes). - cosa: Add missing kfree in error path of cosa_write (git-fixes). - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073). - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073). - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397). - efi/efivars: Set generic ops before loading SSDT (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Fix the deletion of variables in mixed mode (git-fixes). - efi/x86: Free efi_pgd with free_pages() (git-fixes). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - efi: EFI_EARLYCON should depend on EFI (git-fixes). - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes). - efi: efibc: check for efivars write capability (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes). - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes). - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1149032). - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes). - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes). - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes). - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes). - hv_balloon: disable warning when floor reached (git-fixes). - hv_netvsc: Add XDP support (bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820). - hv_netvsc: record hardware hash in skb (bsc#1177820). - hwmon: (pwm-fan) Fix RPM calculation (git-fixes). - i2c: mediatek: move dma reset before i2c reset (git-fixes). - i2c: sh_mobile: implement atomic transfers (git-fixes). - igc: Fix not considering the TX delay for timestamps (bsc#1160634). - igc: Fix wrong timestamp latency numbers (bsc#1160634). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - iio: adc: mediatek: fix unset field (git-fixes). - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes). - intel_idle: Customize IceLake server support (bsc#1178286). - ionic: check port ptr before use (bsc#1167773). - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes). - kABI workaround for HD-audio (git-fixes). - kABI: revert use_mm name change (MM Functionality, bsc#1178426). - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes). - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426). - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - lan743x: fix 'BUG: invalid wait context' when setting rx mode (git-fixes). - lan743x: fix issue causing intermittent kernel log warnings (git-fixes). - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes). - lib/crc32test: remove extra local_irq_disable/enable (git-fixes). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - mac80211: always wind down STA state (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes). - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755). - mm, memcg: fix inconsistent oom event behavior (bsc#1178659). - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)). - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235). - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - mm/memcontrol.c: add missed css_put() (bsc#1178661). - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426). - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426). - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)). - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)). - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)). - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes). - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076). - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (bsc#1174852). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - nvme: do not update disk info for multipathed device (bsc#1171558). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426). - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321). - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321). - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426). - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160). - reboot: fix overflow parsing reboot cpu number (git-fixes). - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - rfkill: Fix use-after-free in rfkill_resume() (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342). - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341). - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)). - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227). - sched: Fix rq->nr_iowait ordering (git fixes (sched)). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: libiscsi: Fix NOP race condition (bsc#1176481). - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - spi: lpspi: Fix use-after-free on unbind (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes). - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes). - timer: Fix wheel index calculation on last level (git-fixes). - timer: Prevent base->clk from moving backward (git-fixes). - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes). - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (git-fixes). - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes). - tty: serial: fsl_lpuart: add LS1028A support (git-fixes). - tty: serial: imx: fix potential deadlock (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - uio: Fix use-after-free in uio_unregister_device() (git-fixes). - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - usb: core: driver: fix stray tabs in error messages (git-fixes). - usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes). - usb: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes). - usb: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv_fb: include vmalloc.h (git-fixes). - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes). - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes). - xhci: Fix sizeof() mismatch (git-fixes). - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes). Important SUSE bug 1149032 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1160634 SUSE bug 1167773 SUSE bug 1170139 SUSE bug 1171073 SUSE bug 1171558 SUSE bug 1172873 SUSE bug 1173504 SUSE bug 1174852 SUSE bug 1175721 SUSE bug 1175918 SUSE bug 1176109 SUSE bug 1176180 SUSE bug 1176200 SUSE bug 1176481 SUSE bug 1176586 SUSE bug 1176855 SUSE bug 1176983 SUSE bug 1177066 SUSE bug 1177070 SUSE bug 1177353 SUSE bug 1177397 SUSE bug 1177666 SUSE bug 1177703 SUSE bug 1177820 SUSE bug 1178182 SUSE bug 1178227 SUSE bug 1178286 SUSE bug 1178304 SUSE bug 1178401 SUSE bug 1178426 SUSE bug 1178589 SUSE bug 1178635 SUSE bug 1178653 SUSE bug 1178659 SUSE bug 1178661 SUSE bug 1178669 SUSE bug 1178686 SUSE bug 1178740 SUSE bug 1178755 SUSE bug 1178762 SUSE bug 1178782 SUSE bug 1178838 SUSE bug 1178853 SUSE bug 1178886 SUSE bug 1179001 SUSE bug 1179012 SUSE bug 1179014 SUSE bug 1179015 SUSE bug 1179045 SUSE bug 1179076 SUSE bug 1179082 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179160 SUSE bug 1179201 SUSE bug 1179211 SUSE bug 1179217 SUSE bug 1179424 SUSE bug 1179426 SUSE bug 1179427 SUSE bug 1179429 SUSE bug 1179432 CVE-2020-15436 CVE-2020-15437 CVE-2020-25669 CVE-2020-25705 CVE-2020-27777 CVE-2020-28915 CVE-2020-28941 CVE-2020-28974 CVE-2020-29369 CVE-2020-29371 CVE-2020-4788 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 SUSE bug 1178591 SUSE bug 1178963 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-pip fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 (icedtea 3.17.1) * JDK-8214440, bsc#1179441: Fix StartTLS functionality that was broken in openjdk272. (bsc#1179441) * JDK-8223940: Private key not supported by chosen signature algorithm * JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding * JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool) * PR3815: Fix new s390 size_t issue in g1ConcurrentMarkObjArrayProcessor.cpp This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1179441 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1178168 CVE-2020-25659 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for pngcheck fixes the following issues: - CVE-2020-27818: Fixed a global buffer overflow in check_chunk_name function via crafted pngfile (boo#1179528). Moderate SUSE bug 1179528 CVE-2020-27818 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: - Update to version 72.0.3815.400 - DNA-88996 [Mac] Vertical spacing of sidebar items incorrect - DNA-89698 [Mac] text on bookmark bar not visible when application is not focused - DNA-89746 Add product-name switch to Opera launcher and installer - DNA-89779 Implement multi-window behavior for pinned Player - DNA-89924 Music continue to play after the disabling Player from Sidebar - DNA-89994 Fix progress bar shape and color - DNA-89995 Fix font sizes, weights and colors of text in control panel - DNA-90010 Payment Methods in Settings mention Google account - DNA-90022 [Mac][BigSur] Crash at -[BrowserWindowController window:willPositionSheet:usingRect:] - DNA-90025 Player stays in the autopause after reloading panel – part 2 - DNA-90096 Sidebar click stat not collected for Player - DNA-90143 Adding a stat for Player sidebar clicks to the Avro schema - Update to version 72.0.3815.378 - CHR-8192 Update chromium on desktop-stable-86-3815 to 86.0.4240.198 - DNA-86550 XHRUint8Array test time out - DNA-88631 Unintended volume drop - DNA-88708 [Snap] Inproper area snapped - DNA-88726 [Mac] Overlay ‘pause’ icon when Opera auto-pauses the Player - DNA-88903 Detach video button should not be visible - DNA-88938 Make home page reflect service configuration - DNA-88943 Learn more link on home page doesnt work - DNA-88944 Apple Music service slow to open - DNA-88948 Fetch audio focus request id from MediaSession - DNA-88949 Detach video button missing - DNA-88966 No accessiblity titles for services icons in home page - DNA-88967 Investigate creating a single BrowserSidebarModel instance - DNA-88995 Overlay “pause” is displayed when it shouldn’t - DNA-89017 Error when signing out of YouTube Music - DNA-89054 Audio is not resumed when muting audio in tab - DNA-89094 DCHECK when pressing Reload button - DNA-89095 Manage service data through PlayerService - DNA-89100 [Player] Crash – many scenarios - DNA-89187 Reload button doesn’t work properly - DNA-89189 Update icons and buttons - DNA-89217 Enable #player-service on developer stream - DNA-89220 SidebarCarouselTests.* failing - DNA-89230 Crash at v8::Context::Enter() - DNA-89244 Define default widths per service - DNA-89245 Improve Spotify logo layout in home page buttons - DNA-89248 Crash at opera::WebPageBrowserSidebarItemContentViewViews ::UpdatePlayerService() - DNA-89278 [Sidebar] No notification for downloads and workspaces - DNA-89285 [Engine] Unable to launch skype with Opera - DNA-89292 Do not block page loads waiting for sitecheck data - DNA-89316 Should be able to navigate directly to playerServices section in settings - DNA-89339 Make popup appear with tooltip-like behavior - DNA-89340 Implement control panel looks in light and dark mode - DNA-89341 Make the control panel buttons work - DNA-89342 Add support for the DNA to the rollout system - DNA-89344 Show Music Service icon in the control panel - DNA-89360 Make ‘Settings’ menu entry go to settings - DNA-89366 Make opera://feedback/babe attachable by the webdriver - DNA-89419 Crash at base::Value::GetAsDictionary (base::DictionaryValue const**) const - DNA-89469 Autopause does not work - DNA-89477 Do not wait with starting the player if the interrupting session is short - DNA-89480 Crash when hovering player panel - DNA-89484 Crash at base::internal::CheckedObserverAdapter ::IsMarkedForRemoval() - DNA-89489 Put control panel behind feature flag - DNA-89514 Implement feedback button for Player - DNA-89516 Do not auto-pause the Player when there is no sound - DNA-89553 Make the control panel show current song - DNA-89557 No accessibility title for rating and close buttons inside feedback dialog - DNA-89561 Make the control panel show artwork that represents current track - DNA-89575 Handle longer track and artist names - DNA-89577 Make progress bar work correctly - DNA-89630 Controler pop-up is too high (and service logo too) - DNA-89634 Panel width is reset when it shouldn’t - DNA-89654 Request higher resolution images for HiDPI - DNA-89655 Enable #player-service-control-panel on Developer stream - DNA-89671 No accessiblity titles for control panel elements - DNA-89672 String change “A world of music…” - DNA-89679 Player — don’t show control panel when Player in sidebar is opened - DNA-89722 Album cover arts are not visible - DNA-89766 Address bar does not respond to actions - DNA-89776 Control panel does not disappear after hovering elsewhere - DNA-89778 Implement multi-window behavior when no Player is pinned - DNA-89795 Player is enable after Opera restart (when in Settings was turned off) - DNA-89803 Artwork is cropped to the right - DNA-89812 Sidebar panel should hide when toggle between windows - DNA-89820 Incorrect music services for Philippines - DNA-89846 Do not show the control panel if there is nothing to show - DNA-89878 Clarify notification dot for messengers - DNA-89901 [Mac][Player] Zombie crash at exit - DNA-89952 Crash at opera::BrowserSidebarPlayerItemContentViewViews ::LoadPlayerServiceURL() - DNA-89964 Player stays in the autopause after reloading panel - DNA-89971 Multi window behaviour is not respected anymore - DNA-89976 Disallow docking for Player - DNA-89986 Enable #player-service and #player-service-control-panel on all streams - DNA-90006 Change services order in RU/UA/BY - The update to chromium 86.0.4240.198 fixes following issues: CVE-2020-16013, CVE-2020-16017 Important CVE-2020-16013 CVE-2020-16017 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Update to 87.0.4280.88 (boo#1179576) - CVE-2020-16037: Use after free in clipboard - CVE-2020-16038: Use after free in media - CVE-2020-16039: Use after free in extensions - CVE-2020-16040: Insufficient data validation in V8 - CVE-2020-16041: Out of bounds read in networking - CVE-2020-16042: Uninitialized Use in V8 Important SUSE bug 1179576 CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for rpmlint fixes the following issues: - Whitelist PAM modules and DBUS rules for cockpit (bsc#1169614) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1169614 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nsd fixes the following issues: nsd was updated to the new upstream release 4.3.4 FEATURES: - Merge PR #141: ZONEMD RR type. BUG FIXES: - Fix that symlink does not interfere with chown of pidfile (boo#1179191, CVE-2020-28935) - Fix #128: Fix that the invalid port number is logged for sendmmsg failed: Invalid argument. - Fix #133: fix 0-init of local ( stack ) buffer. - Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN. - Fix to add missing closest encloser NSEC3 for wildcard nodata type DS answer. - Fix #138: NSD returns non-EDNS answer when QUESTION is empty. - Fix #142: NODATA answers missin SOA in authority section after CNAME chain. New upstream release 4.3.3: FEATURES: - Follow DNS flag day 2020 advice and set default EDNS message size to 1232. - Merged PR #113 with fixes. Instead of listing an IP-address to listen on, an interface name can be specified in nsd.conf, with ip-address: eth0. The IP-addresses for that interface are then used. - New upstream release 4.3.2 FEATURES: - Fix #96: log-only-syslog: yes sets to only use syslog, fixes that the default configuration and systemd results in duplicate log messages. - Fix #107: nsd -v shows configure line, openssl version and libevent version. - Fix #103 with #110: min-expire-time option. To provide a lower bound for expire period. Expressed in number of seconds or refresh+retry+1. BUG FIXES: - Fix to omit the listen-on lines from log at startup, unless verbose. - Fix #97: EDNS unknown version: query not in response. - Fix #99: Fix copying of socket properties with reuseport enabled. - Document default value for tcp-timeout. - Merge PR#102 from and0x000: add missing default in documentation for drop-updates. - Fix unlink of pidfile warning if not possible due to permissions, nsd can display the message at high verbosity levels. - Removed contrib/nsd.service, example is too complicated and not useful. - Merge #108 from Nomis: Make the max-retry-time description clearer. - Retry when udp send buffer is full to wait until buffer space is available. - Remove errno reset behaviour from sendmmsg and recvmmsg replacement functions. - Fix unit test for different nsd-control-setup -h exit code. - Merge #112 from jaredmauch: log old and new serials when NSD rejects an IXFR due to an old serial number. - Fix #106: Adhere better to xfrd bounds. Refresh and retry times. - Fix #105: Clearing hash_tree means just emptying the tree. New upstream release 4.3.1 BUG FIXES: - Merge PR #91 by gearnode: nsd-control-setup recreate certificates. The '-r' option recreates certificates. Without it it creates them if they do not exist, and does not modify them otherwise. New upstream release 4.3.0 FEATURES: - Fix to use getrandom() for randomness, if available. - Fix #56: Drop sparse TSIG signing support in NSD. Sign every axfr packet with TSIG, according to the latest draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1. - Merge pull request #59 from buddyns: add FreeBSD support for conf key ip-transparent. - Add feature to pin server processes to specific cpus. - Add feature to pin IP addresses to selected server processes. - Set process title to identify individual processes. - Merge PR#22: minimise-any: prefer polular and not large RRset, from Daisuke Higashi. - Add support for SO_BINDTODEVICE on Linux. - Add feature to drop queries with opcode UPDATE. BUG FIXES: - Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters. - use-systemd is ignored in nsd.conf, when NSD is compiled with libsystemd it always signals readiness, if possible. - Note that use-systemd is not necessary and ignored in man page. - Fix responses for IXFR so that the authority section is not echoed in the response. - Fix that the retry wait does not exceed one day for zone transfers. - Update keyring as per https://nlnetlabs.nl/people/ New upstream release 4.2.3: * confine-to-zone configures NSD to not return out-of-zone additional information. * pidfile '' allows to run NSD without a pidfile * adds support for readiness notification with READY_FD * fix excessive logging of ixfr failures, it stops the log when fallback to axfr is possible. log is enabled at high verbosity. * The nsd.conf includes are sorted ascending, for include statements with a '*' from glob. * Fix log address and failure reason with tls handshake errors, squelches (the same as unbound) some unless high verbosity is used. * Number of different UDP handlers has been reduced to one. recvmmsg and sendmmsg implementations are now used on all platforms. * Socket options are now set in designated functions for easy reuse. * Socket setup has been simplified for easy reuse. * Configuration parser is now aware of the context in which an option was specified. * document that remote-control is a top-level nsd.conf attribute. - Remove legacy upgrade of nsd users in %post (boo#1157331) New upstream release 4.2.2: * Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the dname_concatenate() function. Reported by Frederic Cambus. It causes the zone parser to crash on a malformed zone file, with assertions enabled, an assertion catches it. * Fix #19: Out-of-bounds read caused by improper validation of array index. Reported by Frederic Cambus. The zone parser fails on type SIG because of mismatched definition with RRSIG. * PR #23: Fix typo in nsd.conf man-page. * Fix that NSD warns for wrong length of the hash in SSHFP records. * Fix #25: NSD doesn't refresh zones after extended downtime, it refreshes the old zones. * Set no renegotiation on the SSL context to stop client session renegotiation. * Fix #29: SSHFP check NULL pointer dereference. * Fix #30: SSHFP check failure due to missing domain name. * Fix to timeval_add in minievent for remaining second in microseconds. * PR #31: nsd-control: Add missing stdio header. * PR #32: tsig: Fix compilation without HAVE_SSL. * Cleanup tls context on xfrd exit. * Fix #33: Fix segfault in service of remaining streams on exit. * Fix error message for out of zone data to have more information. New upstream release 4.2.1: * FEATURES: - Added num.tls and num.tls6 stat counters. - PR #12: send-buffer-size, receive-buffer-size, tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek. - Fix #14, tcp connections have 1/10 to be active and have to work every second, and then they get time to complete during a reload, this is a process that lingers with the old version during a version update. * BUG FIXES: - Fix #13: Stray dot at the end of some log entries, removes dot after updated serial number in log entry. - Fix TLS cipher selection, the previous was redundant, prefers CHACHA20-POLY1305 over AESGCM and was not as readable as it could be. - Fix #15: crash in SSL library, initialize variables for TCP access when TLS is configured. - Fix tls handshake event callback function mistake, reported by Mykhailo Danylenko. - Fix output of nsd-checkconf -h. New upstream release 4.2.0: * Implement TCP fast open * Added DNS over TLS * TLS OCSP stapling support with the tls-service-ocsp option * New option hide-identity can be used in nsd.conf to stop NSD from responding with the hostname for probe queries that elicit the chaos class response, this is conform RFC4892 * Disable TLS1.0, TLS1.1 and weak ciphers, enable CIPHER_SERVER_PREFERENCE Update to upstream release 4.1.27: * FEATURES: - Deny ANY with only one RR in response, by default. Patch from Daisuke Higashi. The deny-any statement in nsd.conf sets ANY queries over UDP to be further moved to TCP as well. Also no additional section processig for type ANY, reducing the response size. - Fix #4215: on-the-fly change of TSIG keys with patch from Igor, adds nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig and del_tsig. These changes are gone after reload, edit the config file (or a file included from it) to make changes that last after restart. * BUG FIXES: Update to upstream release 4.1.26: * FEATURES: - DNSTAP support for NSD, --enable-dnstap and then config in nsd.conf. - Support SO_REUSEPORT_LB in FreeBSD 12 with the reuseport: yes option in nsd.conf. - Added nsd-control changezone. nsd-control changezone name pattern allows the change of a zone pattern option without downtime for the zone, in one operation. * BUG FIXES: - Fix #4194: Zone file parser derailed by non-FQDN names in RHS of DNSSEC RRs. - Fix #4202: nsd-control delzone incorrect exit code on error. - Fix to not set GLOB_NOSORT so the nsd.conf include: files are sorted and in a predictable order. - Fix #3433: document that reconfig does not change per-zone stats. Update to upstream release 4.1.25: * FEATURES: - nsd-control prints neater errors for file failures. * BUG FIXES: - Fix that nsec3 precompile deletion happens before the RRs of the zone are deleted. - Fix printout of accepted remote control connection for unix sockets. - Fix use_systemd typo/leftover in remote.c. - Fix codingstyle in nsd-checkconf.c in patch from Sharp Liu. - append_trailing_slash has one implementation and is not repeated differently. - Fix coding style in nsd.c - Fix to combine the same error function into one, from Xiaobo Liu. - Fix initialisation in remote.c. - please clang analyzer and fix parse of IPSECKEY with bad gateway. - Fix nsd-checkconf fail on bad zone name. - Annotate exit functions with noreturn. - Remove unused if clause during server service startup. - Fix #4156: Fix systemd service manager state change notification When it is compiled, systemd readiness signalling is enabled. The option in nsd.conf is not used, it is ignored when read. Update to upstream release 4.1.24: - Features * #4102: control interface via local socket * configure --enable-systemd (needs pkg-config and libsystemd) can be used to then use-systemd: yes in nsd.conf and have readiness signalling with systemd. * RFC8162 support, for record type SMIMEA. - Bug Fixes * Patch to fix openwrt for mac os build darwin detection in configure. * Fix that first control-interface determines if TLS is used. Warn when IP address interfaces are used without TLS. * #4106: Fix that stats printed from nsd-control are recast from unsigned long to unsigned (remote.c). * Fix that type CAA (and URI) in the zone file can contain dots when not in quotes. * #4133: Fix that when IXFR contains a zone with broken NSEC3PARAM chain, NSD leniently attempts to find a working NSEC3PARAM. Update to upstream release 4.1.23: - Fix NSD time sensitive TSIG compare vulnerability. Update to upstream release 4.1.22: - Features: * refuse-any sends truncation (+TC) in reply to ANY queries over UDP, and allows TCP queries like normal. * Use accept4 to speed up answer of TCP queries - Bug fixes: * Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones. * Fix to use same condition for nsec3 hash allocation and free. - Changes in version 4.1.21: - Features: * --enable-memclean cleans up memory for use with memory checkers, eg. valgrind. * refuse-any nsd.conf option that refuses queries of type ANY. * lower memory usage for tcp connections, so tcp-count can be higher. - Bug fixes: * Fix spelling error in xfr-inspect. * Fix buffer size warnings from compiler on filename lengths. Moderate SUSE bug 1157331 SUSE bug 1179191 CVE-2019-13207 CVE-2020-28935 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openssl-1_0_0 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). - Initialized dh->nid to NID_undef in DH_new_method() (bsc#1177673). - Fixed a test failure in apache_ssl in fips mode (bsc#1177793). - Renamed BN_get_rfc3526_prime_* functions back to get_rfc3526_prime_* (bsc#1177575). - Restored private key check in EC_KEY_check_key (bsc#1177479). - Added shared secret KAT to FIPS DH selftest (bsc#1176029). - Included ECDH/DH Requirements from SP800-56Arev3 (bsc#1176029). - Used SHA-2 in the RSA pairwise consistency check (bsc#1155346) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1155346 SUSE bug 1176029 SUSE bug 1177479 SUSE bug 1177575 SUSE bug 1177673 SUSE bug 1177793 SUSE bug 1179491 CVE-2020-1971 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1177120 CVE-2020-26137 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1179398 SUSE bug 1179399 SUSE bug 1179593 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1173513 CVE-2020-14145 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mariadb fixes the following issues: Update to 10.4.17 [bsc#1177472] and [bsc#1178428] - fixing for the following security vulnerabilities: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789, CVE-2020-15180 This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1177472 SUSE bug 1178428 CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 CVE-2020-15180 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107) - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721). - CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes). - ACPICA: Add NHLT table signature (bsc#1176200). - ACPI: dock: fix enum-conversion warning (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - Add bug reference to two hv_netvsc patches (bsc#1178853). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: fix kernel-doc markups (git-fixes). - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes). - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes). - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes). - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - arm64: bpf: Fix branch offset in JIT (git-fixes). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes). - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes). - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes). - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes). - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes). - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes). - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes). - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes). - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes). - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes). - ASoC: cs42l51: manage mclk shutdown delay (git-fixes). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ASoC: qcom: sdm845: set driver name correctly (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274). - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes). - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274). - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518). - bpf: Zero-fill re-used per-cpu map element (bsc#1155518). - btrfs: Account for merged patches upstream Move below patches to sorted section. - btrfs: cleanup cow block on error (bsc#1178584). - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217). - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217). - btrfs: fix relocation failure due to race with fallocate (bsc#1179217). - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217). - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217). - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217). - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217). - btrfs: reschedule if necessary when logging directory items (bsc#1178585). - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579). - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes). - can: flexcan: flexcan_setup_stop_mode(): add missing 'req_bit' to stop mode property comment (git-fixes). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179012). - ceph: check session state after bumping session->s_seq (bsc#1179012). - ceph: check the sesion state and return false in case it is closed (bsc#1179012). - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cfg80211: initialize wdev data earlier (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - clk: define to_clk_regmap() as inline function (git-fixes). - Convert trailing spaces and periods in path components (bsc#1179424). - cosa: Add missing kfree in error path of cosa_write (git-fixes). - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073). - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073). - Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch (bsc#1179419) - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076). - Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process. - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397). - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64. - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001). - EDAC/amd64: Gather hardware information early (bsc#1179001). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001). - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001). - EDAC/amd64: Save max number of controllers to family type (bsc#1179001). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001). - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes). - efi: efibc: check for efivars write capability (git-fixes). - efi: EFI_EARLYCON should depend on EFI (git-fixes). - efi/efivars: Set generic ops before loading SSDT (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Fix the deletion of variables in mixed mode (git-fixes). - efi/x86: Free efi_pgd with free_pages() (git-fixes). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - exfat: fix name_hash computation on big endian systems (git-fixes). - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes). - exfat: fix possible memory leak in exfat_find() (git-fixes). - exfat: fix use of uninitialized spinlock on error path (git-fixes). - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes). - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes). - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module. - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1149032). - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes). - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes). - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes). - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes). - hv_balloon: disable warning when floor reached (git-fixes). - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes). - hv_netvsc: Add XDP support (bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820). - hv_netvsc: record hardware hash in skb (bsc#1177820). - hwmon: (pwm-fan) Fix RPM calculation (git-fixes). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i2c: mediatek: move dma reset before i2c reset (git-fixes). - i2c: sh_mobile: implement atomic transfers (git-fixes). - igc: Fix not considering the TX delay for timestamps (bsc#1160634). - igc: Fix wrong timestamp latency numbers (bsc#1160634). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - iio: adc: mediatek: fix unset field (git-fixes). - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes). - intel_idle: Customize IceLake server support (bsc#1178286). - ionic: check port ptr before use (bsc#1167773). - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes). - kABI: revert use_mm name change (MM Functionality, bsc#1178426). - kABI workaround for HD-audio (git-fixes). - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes). - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes). - lan743x: fix 'BUG: invalid wait context' when setting rx mode (git-fixes). - lan743x: fix issue causing intermittent kernel log warnings (git-fixes). - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - lib/crc32test: remove extra local_irq_disable/enable (git-fixes). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518). - mac80211: always wind down STA state (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - media: imx274: fix frame interval handling (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes). - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes). - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes). - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426). - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426). - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)). - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235). - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)). - mm, memcg: fix inconsistent oom event behavior (bsc#1178659). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - mm/memcontrol.c: add missed css_put() (bsc#1178661). - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)). - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes). - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)). - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)). - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755). - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (bsc#1174852). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464). - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180). - nvme: do not update disk info for multipathed device (bsc#1171558). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes). - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426). - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321). - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - power: supply: bq27xxx: report 'not charging' on all types (git-fixes). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160). - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449). - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449). - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449). - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449). - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464). - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215). - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes). - reboot: fix overflow parsing reboot cpu number (git-fixes). - Refresh patches.suse/vfs-add-super_operations-get_inode_dev. (bsc#1176983) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Restore the header of series.conf The header of series.conf was accidentally changed by abb50be8e6bc '(kABI: revert use_mm name change (MM Functionality, bsc#1178426))'. - Revert 'cdc-acm: hardening against malicious devices' (git-fixes). - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes). - Revert 'xfs: complain if anyone tries to create a too-large buffer' (bsc#1179425, bsc#1179550). - rfkill: Fix use-after-free in rfkill_resume() (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger -<dimstar@opensuse.org> - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead. - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342). - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)). - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227). - sched: Fix rq->nr_iowait ordering (git fixes (sched)). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: libiscsi: Fix NOP race condition (bsc#1176481). - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - spi: lpspi: Fix use-after-free on unbind (git-fixes). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair 'fixed-link' support (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353). - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes). - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes). - timer: Fix wheel index calculation on last level (git-fixes). - timer: Prevent base->clk from moving backward (git-fixes). - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes). - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (git-fixes). - tty: serial: fsl_lpuart: add LS1028A support (git-fixes). - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes). - tty: serial: imx: fix potential deadlock (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - uio: Fix use-after-free in uio_unregister_device() (git-fixes). - uio: free uio id after uio file node is freed (git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: adutux: fix debugging (git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: cdc-acm: fix cooldown mechanism (git-fixes). - USB: core: Change %pK for __user pointers to %px (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: gadget: goku_udc: fix potential crashes in probe (git-fixes). - USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes). - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv_fb: include vmalloc.h (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489). - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166). - xfs: prohibit fs freezing when using empty transactions (bsc#1179442). - xfs: remove unused variable 'done' (bsc#1166166). - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes). - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes). - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes). - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166). - xhci: Fix sizeof() mismatch (git-fixes). - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes). kernel-default-base fixes the following issues: - Add wireguard kernel module (bsc#1179225) - Create the list of crypto kernel modules dynamically, supersedes hardcoded list of crc32 implementations (bsc#1177577) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1149032 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1160634 SUSE bug 1166146 SUSE bug 1166166 SUSE bug 1167030 SUSE bug 1167773 SUSE bug 1170139 SUSE bug 1171073 SUSE bug 1171558 SUSE bug 1172873 SUSE bug 1173504 SUSE bug 1174852 SUSE bug 1175306 SUSE bug 1175918 SUSE bug 1176109 SUSE bug 1176180 SUSE bug 1176200 SUSE bug 1176481 SUSE bug 1176586 SUSE bug 1176855 SUSE bug 1176983 SUSE bug 1177066 SUSE bug 1177070 SUSE bug 1177353 SUSE bug 1177397 SUSE bug 1177577 SUSE bug 1177666 SUSE bug 1177703 SUSE bug 1177820 SUSE bug 1178123 SUSE bug 1178182 SUSE bug 1178227 SUSE bug 1178286 SUSE bug 1178304 SUSE bug 1178330 SUSE bug 1178393 SUSE bug 1178401 SUSE bug 1178426 SUSE bug 1178461 SUSE bug 1178579 SUSE bug 1178581 SUSE bug 1178584 SUSE bug 1178585 SUSE bug 1178589 SUSE bug 1178635 SUSE bug 1178653 SUSE bug 1178659 SUSE bug 1178661 SUSE bug 1178669 SUSE bug 1178686 SUSE bug 1178740 SUSE bug 1178755 SUSE bug 1178762 SUSE bug 1178838 SUSE bug 1178853 SUSE bug 1178886 SUSE bug 1179001 SUSE bug 1179012 SUSE bug 1179014 SUSE bug 1179015 SUSE bug 1179045 SUSE bug 1179076 SUSE bug 1179082 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179160 SUSE bug 1179201 SUSE bug 1179211 SUSE bug 1179217 SUSE bug 1179225 SUSE bug 1179419 SUSE bug 1179424 SUSE bug 1179425 SUSE bug 1179426 SUSE bug 1179427 SUSE bug 1179429 SUSE bug 1179432 SUSE bug 1179442 SUSE bug 1179550 CVE-2020-15436 CVE-2020-15437 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-27777 CVE-2020-28915 CVE-2020-28941 CVE-2020-28974 CVE-2020-29369 CVE-2020-29371 CVE-2020-4788 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for audacity fixes the following issues: - CVE-2020-11867: Avoid saving temporary files to /var/tmp/audacity-$USER by default, which permissions are set to 755. (bsc#1179449) Moderate SUSE bug 1179449 CVE-2020-11867 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for clamav fixes the following issues: clamav was updated to the new major release 0.103.0. (jsc#ECO-3010,bsc#1118459) Note that libclamav was changed incompatible, if you have a 3rd party application that uses libclamav, it needs to be rebuilt. Update to 0.103.0 * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) Update to 0.102.4 * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. Update to 0.102.3 * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. * Fix 'Attempt to allocate 0 bytes' error when parsing some PDF documents. * Fix a couple of minor memory leaks. * Updated libclamunrar to UnRAR 5.9.2. Update to 0.102.2: * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * Significantly improved the scan speed of PDF files on Windows. * Re-applied a fix to alleviate file access issues when scanning RAR files in downstream projects that use libclamav where the scanning engine is operating in a low-privilege process. This bug was originally fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0. * Fixed an issue where freshclam failed to update if the database version downloaded is one version older than advertised. This situation may occur after a new database version is published. The issue affected users downloading the whole CVD database file. * Changed the default freshclam ReceiveTimeout setting to 0 (infinite). The ReceiveTimeout had caused needless database update failures for users with slower internet connections. * Correctly display the number of kilobytes (KiB) in progress bar and reduced the size of the progress bar to accommodate 80-character width terminals. * Fixed an issue where running freshclam manually causes a daemonized freshclam process to fail when it updates because the manual instance deletes the temporary download directory. The freshclam temporary files will now download to a unique directory created at the time of an update instead of using a hardcoded directory created/destroyed at the program start/exit. * Fix for freshclam's OnOutdatedExecute config option. * Fixes a memory leak in the error condition handling for the email parser. * Improved bound checking and error handling in ARJ archive parser. * Improved error handling in PDF parser. * Fix for memory leak in byte-compare signature handler. - The freshclam.service should not be started before the network is online (it checks for updates immediately upon service start) Update to 0.102.1: * CVE-2019-15961, bsc#1157763: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. * Build system fixes to build clamav-milter, to correctly link with libxml2 when detected, and to correctly detect fanotify for on-access scanning feature support. * Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu. * Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library. * Null-dereference fix in email parser when using the --gen-json metadata option. * Fixes for Authenticode parsing and certificate signature (.crb database) bugs. Update to 0.102.0: * The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects: - On-Access scanning for created and moved files (Extra-Scanning) is fixed. - VirusEvent for On-Access scans is fixed. - With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan. * The freshclam database update utility has undergone a significant update. This includes: - Added support for HTTPS. - Support for database mirrors hosted on ports other than 80. - Removal of the mirror management feature (mirrors.dat). - An all new libfreshclam library API. - created new subpackage libfreshclam2 Update to 0.101.4: * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: * bsc#1144504: ZIP bomb causes extreme CPU spikes Update to version 0.101.2 (bsc#1130721) * CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. * CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking. * CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application. * CVE-2019-1786: An out-of-bounds heap read condition may occur when scanning malformed PDF documents as a result of improper bounds-checking. * CVE-2019-1785: A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives. * CVE-2019-1798: A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1104457 SUSE bug 1118459 SUSE bug 1130721 SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1157763 CVE-2019-12625 CVE-2019-12900 CVE-2019-15961 CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gcc7 fixes the following issues: - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798) - Enable fortran for the nvptx offload compiler. - Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel. - Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939] - Fixed 32bit libgnat.so link. [bsc#1178675] - Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fixed debug line info for try/catch. [bsc#1178614] - Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled) - Fixed corruption of pass private ->aux via DF. [gcc#94148] - Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888] - Fixed binutils release date detection issue. - Fixed register allocation issue with exception handling code on s390x. [bsc#1161913] - Fixed miscompilation of some atomic code on aarch64. [bsc#1150164] This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1150164 SUSE bug 1161913 SUSE bug 1167939 SUSE bug 1172798 SUSE bug 1178577 SUSE bug 1178614 SUSE bug 1178624 SUSE bug 1178675 CVE-2020-13844 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for webkit2gtk3 fixes the following issues: -webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451): - CVE-2021-13543: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-13584: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-9948: Fixed a type confusion which could have led to arbitrary code execution. - CVE-2021-9951: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-9983: Fixed an out of bounds write which could have led to arbitrary code execution. - Have the libwebkit2gtk package require libjavascriptcoregtk of the same version (bsc#1171531). - Enable c_loop on aarch64: currently needed for compilation to succeed with JIT disabled. Also disable sampling profiler, since it conflicts with c_loop (bsc#1177087). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1171531 SUSE bug 1177087 SUSE bug 1179122 SUSE bug 1179451 CVE-2020-13543 CVE-2020-13584 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ovmf fixes the following issues: - CVE-2019-14584: Fixed a null dereference in AuthenticodeVerify() (bsc#1177789). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1177789 CVE-2019-14584 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178824 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6 * new: MailExtensions: Added browser.windows.openDefaultBrowser() (bmo#1664708) * changed: Thunderbird now only shows quota exceeded indications on the main window (bmo#1671748) * changed: MailExtensions: menus API enabled in messages being composed (bmo#1670832) * changed: MailExtensions: Honor allowScriptsToClose argument in windows.create API function (bmo#1675940) * changed: MailExtensions: APIs that returned an accountId will reflect the account the message belongs to, not what is stored in message headers (bmo#1644032) * fixed: Keyboard shortcut for toggling message 'read' status not shown in menus (bmo#1619248) * fixed: OpenPGP: After importing a secret key, Key Manager displayed properties of the wrong key (bmo#1667054) * fixed: OpenPGP: Inline PGP parsing improvements (bmo#1660041) * fixed: OpenPGP: Discovering keys online via Key Manager sometimes failed on Linux (bmo#1634053) * fixed: OpenPGP: Encrypted attachment 'Decrypt and Open/Save As' did not work (bmo#1663169) * fixed: OpenPGP: Importing keys failed on macOS (bmo#1680757) * fixed: OpenPGP: Verification of clear signed UTF-8 text failed (bmo#1679756) * fixed: Address book: Some columns incorrectly displayed no data (bmo#1631201) * fixed: Address book: The address book view did not update after changing the name format in the menu (bmo#1678555) * fixed: Calendar: Could not import an ICS file into a CalDAV calendar (bmo#1652984) * fixed: Calendar: Two 'Home' calendars were visible on a new profile (bmo#1656782) * fixed: Calendar: Dark theme was incomplete on Linux (bmo#1655543) * fixed: Dark theme did not apply to new mail notification popups (bmo#1681083) * fixed: Folder icon, message list, and contact side bar visual improvements (bmo#1679436) * fixed: MailExtensions: HTTP refresh in browser content tabs did not work (bmo#1667774) * fixed: MailExtensions: messageDisplayScripts failed to run in main window (bmo#1674932) * fixed: Various security fixes MFSA 2020-56 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Thunderbird 78.6 This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ceph fixes the following issues: Security issue fixed: - CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface (bsc#1180155, bsc#1179802). Non-security issues fixed: - Update to 15.2.8-80-g1f4b6229ca: + Rebase on tip of upstream 'octopus' branch, SHA1 bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55 * upstream Octopus v15.2.8 release, see https://ceph.io/releases/v15-2-8-octopus-released/ - Update to 15.2.7-776-g343cd10fe5: + Rebase on tip of upstream 'octopus' branch, SHA1 1b8a634fdcd94dfb3ba650793fb1b6d09af65e05 * (bsc#1178860) mgr/dashboard: Disable TLS 1.0 and 1.1 + (bsc#1179016) rpm: require smartmontools on SUSE + (bsc#1180107) ceph-volume: pass --filter-for-batch from drive-group subcommand This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1178860 SUSE bug 1179016 SUSE bug 1179802 SUSE bug 1180107 SUSE bug 1180155 CVE-2020-27781 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1027519 SUSE bug 1176782 SUSE bug 1179496 SUSE bug 1179498 SUSE bug 1179501 SUSE bug 1179502 SUSE bug 1179506 SUSE bug 1179514 SUSE bug 1179516 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(…). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1155094 SUSE bug 1174091 SUSE bug 1174571 SUSE bug 1174701 SUSE bug 1177211 SUSE bug 1178009 SUSE bug 1179193 SUSE bug 1179630 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-5010 CVE-2020-14422 CVE-2020-26116 CVE-2020-27619 CVE-2020-8492 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for blosc fixes the following issues: Update to version 1.20.1 boo#1179914 CVE-2020-29367: * More saftey checks have been implemented so that potential flaws discovered by new fuzzers in OSS-Fuzzer are fixed now * BloscLZ updated to 2.3.0. Expect better compression ratios for faster codecs. For details, see our new blog post: https://blosc.org/posts/beast-release/ * Fixed the _xgetbv() collision. Thanks to Michał G?rny (@mgorny). Update to version 1.19.0: * The length of automatic blocksizes for fast codecs (lz4, blosclz) has been incremented quite a bit (up to 256 KB) for better compression ratios. * The performance in modern CPUs (with at least 256 KB in L2 cache) should be better too (for older CPUs the performance should stay roughly the same). * For small buffers that cannot be compressed (typically < 128 bytes), blosc_compress() returns now a 0 (cannot compress) instead of a negative number (internal error). See #294. * blosclz codec updated to 2.1.0. Expect better compression ratios and performance in a wider variety of scenarios. * blosc_decompress_unsafe(), blosc_decompress_ctx_unsafe() and blosc_getitem_unsafe() have been removed because they are dangerous and after latest improvements, they should not be used in production. Update to version 1.18.1: * Fixed the copy of the leftovers of a chunk when its size is not a multiple of the typesize. Update to version 1.17.1: * BloscLZ codec updated to 2.0.0. Update to version 1.16.3: * Fix for building for clang with -march=haswell. See PR #262. * Fix all the known warnings for GCC/Clang. Still some work to do for MSVC in this front. * Due to some problems with several CI systems, the check for library symbols are deactivated now by default. If you want to enforce this check, use: cmake .. -DDEACTIVATE_SYMBOLS_CHECK=ON to re-activate it. * Correct the check for the compressed size when the buffer is memcpyed. This was a regression introduced in 1.16.0. Fixes #261. * Fixed a regression in 1.16.0 that prevented to compress empty buffers (see #260). * Now the functions that execute Blosc decompressions are safe by default for untrusted/possibly corrupted inputs. * The previous functions (with less safety) checks are still available with a '_unsafe' suffix. The complete list is: * Also, a new API function named blosc_cbuffer_validate(), for validating Blosc compressed data, has been added. * For details, see PR #258. Thanks to Jeremy Maitin-Shepard. * Fixed a bug in blosc_compress() that could lead to thread deadlock under some situations. See #251. Thanks to @wenjuno for the report and the fix. * Fix data race in shuffle.c host_implementation initialization. Fixes #253. Thanks to Jeremy Maitin-Shepard. * Add workaround for Visual Studio 2008's lack of a stdint.h file to blosclz.c. * Replaced //-comments with /**/-comments and other improvements for compatibility with quite old gcc compilers. See PR #243. Thanks to Andreas Martin. * Empty buffers can be compressed again (this was unadvertedly prevented while fixing #234). See #247. Thanks to Valentin Haenel. Update to version 1.14.4: * Added a new DEACTIVATE_SSE2 option for cmake that is useful for disabling SSE2 when doing cross-compilation (see #236). * New check for detecting output buffers smaller than BLOSC_MAX_OVERHEAD. * The complib and version parameters for blosc_get_complib_info() can be safely set to NULL now. This allows to call this function even if the user is not interested in these parameters (so no need to reserve memory for them). * In some situations that a supposedly blosc chunk is passed to blosc_decompress(), one might end with an Arithmetic exception. This is probably due to the chunk not being an actual blosc chunk, and divisions by zero might occur. A protection has been added for this. Update to version 1.14.3: * Fixed a bug that caused C-Blosc to crash on platforms requiring strict alignment. * Fixed a piece of code that was not C89 compliant. Moderate SUSE bug 1174075 SUSE bug 1179914 CVE-2020-29367 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for kdeconnect-kde fixes the following issue: - Add fingerprinting for device verification (boo#1177672). Important SUSE bug 1177672 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for PackageKit fixes the following issue: - CVE-2020-16121: Fixed an Information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal (bsc#1176930). - Update summary and description of gstreamer-plugin and gtk3-module. (bsc#1104313) This update was imported from the SUSE:SLE-15-SP2:Update update project. Low SUSE bug 1104313 SUSE bug 1176930 CVE-2020-16121 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for flac fixes the following issues: - CVE-2020-0487: Fixed a memory leak (bsc#1180112). - CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1180099 SUSE bug 1180112 CVE-2020-0487 CVE-2020-0499 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openexr fixes the following issues: Security issues fixed: - CVE-2020-16587: Fixed a heap-based buffer overflow in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp (bsc#1179879). - CVE-2020-16588: Fixed a null pointer deference in generatePreview (bsc#1179879). - CVE-2020-16589: Fixed a heap-based buffer overflow in writeTileData in ImfTiledOutputFile.cpp (bsc#1179879). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1179879 CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: - Update to version 73.0.3856.284 - CHR-8225 Update chromium on desktop-stable-87-3856 to 87.0.4280.88 - DNA-88454 Background of snap area above visible scrolled viewport is not captured - DNA-89749 Implement client_capabilities support for Flow / Sync - DNA-89810 Opera no longer autoselects full url/address bar when clicked - DNA-89923 [Snap] Emojis look grayed out - DNA-90060 Make gesture events work with search-in-tabs feature - DNA-90168 Display SD suggestions titles - DNA-90176 Player doesn’t show music service to choose on Welcome page - DNA-90343 [Mac] Cmd+C doesn’t copy snapshot - DNA-90538 Crash at extensions::CommandService:: GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*) - The update to chromium 87.0.4280.88 fixes following issues: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040, CVE-2020-16041, CVE-2020-16042 - Update to version 73.0.3856.257 - DNA-89918 #enable-force-dark flag doesn’t work anymore - DNA-90061 Clicking on video’s progress bar breaks autopausing - DNA-90079 [BigSur] Blank pages - DNA-90154 Crash at extensions::CommandService:: GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*) - Complete Opera 73.0 changelog at: https://blogs.opera.com/desktop/changelog-for-73/ Important CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for groovy fixes the following issues: - groovy was updated to 2.4.21 - CVE-2020-17521: Fixed an information disclosure vulnerability (bsc#1179729). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1179729 CVE-2020-17521 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution (bsc#1143436). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1143436 CVE-2019-3881 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for bluez fixes the following issues: - CVE-2020-0556: Fixed an improper access control which could have allowed an unauthenticated user to potentially enable escalation of privilege and denial of service (bsc#1166751). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1166751 CVE-2020-0556 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for graphviz fixes the following issues: Security issue fixed: - CVE-2019-11023: Fixed a denial of service vulnerability, which was caused by a NULL pointer dereference in agroot() (bsc#1132091). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1132091 CVE-2019-11023 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mercurial fixes the following issues: Security issue fixed: - CVE-2019-3902: Fixed incorrect patch-checking with symlinks and subrepos (bsc#1133035). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1133035 CVE-2019-3902 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). - CVE-2020-8169: Fixed an issue where could have led to partial password leak over DNS on HTTP redirect (bsc#1173026). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1173026 SUSE bug 1173027 CVE-2020-8169 CVE-2020-8177 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for grafana, grafana-piechart-panel, grafana-status-panel fixes the following issues: grafana was updated to version 7.0.3: * Features / Enhancements - Stats: include all fields. #24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff * Bug fixes - Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian - Configuration: Fix env var override of sections containing hyphen. #25178, @marefr - Dashboard: Get panels in collapsed rows. #25079, @peterholmberg - Do not show alerts tab when alerting is disabled. #25285, @dprokop - Jaeger: fixes cascader option label duration value. #25129, @Estrax - Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo Update to version 7.0.2 * Bug fixes - Security: Urgent security patch release to fix CVE-2020-13379 Update to version 7.0.1 * Features / Enhancements - Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney - Download CSV: Add date and time formatting. #24992, @ryantxu - Table: Make last cell value visible when right aligned. #24921, @peterholmberg - TablePanel: Adding sort order persistance. #24705, @torkelo - Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg - Transformations: Allow custom number input for binary operations. #24752, @ryantxu * Bug fixes - Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani - Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani - Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark - DataLinks: Bring back variables interpolation in title. #24970, @dprokop - Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney - Explore/Table: Keep existing field types if possible. #24944, @kaydelaney - Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova - Explore: fix undo in query editor. #24797, @zoltanbedi - Explore: fix word break in type head info. #25014, @zoltanbedi - Graph: Legend decimals now work as expected. #24931, @torkelo - LoginPage: Fix hover color for service buttons. #25009, @tskarhed - LogsPanel: Fix scrollbar. #24850, @ivanahuckova - MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo - Organize transformer: Use display name in field order comparer. #24984, @dprokop - Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark - PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop - PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo - PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark - PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark - PanelMenu: Make menu disappear on button press. #25015, @tskarhed - Postgres: Fix add button. #25087, @phemmer - Prometheus: Fix recording rules expansion. #24977, @ivanahuckova - Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian Update to version 7.0.0 * Breaking changes - Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin. - Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds. - Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10. - Datasource/Loki: Support for deprecated Loki endpoints has been removed. - Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information. - @grafana/ui: Forms migration notice, see @grafana/ui changelog - @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog + Deprecation warnings - Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059 - The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins. * Features / Enhancements - Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr - Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal - Loki: Allow multiple derived fields with the same name. #24437, @aocenas - Orgs: Add future deprecation notice. #24502, @torkelo * Bug Fixes - @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi - Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark - Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop - Dashboard: Fix for strange 'dashboard not found' errors when opening links in dashboard settings. #24416, @torkelo - Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn - Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo - Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg - Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop - Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet - Data source: Fixes async mount errors. #24579, @Estrax - Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1 - Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova - Explore: Fix rendering of react query editors. #24593, @ivanahuckova - Explore: Fixes loading more logs in logs context view. #24135, @Estrax - Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo - Graphite: Makes query annotations work again. #24556, @hugohaggmark - Logs: Clicking 'Load more' from context overlay doesn't expand log row. #24299, @kaydelaney - Logs: Fix total bytes process calculation. #24691, @davkal - Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet - Plugins: Fix manifest validation. #24573, @aknuds1 - Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist - Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed - Search: Save folder expanded state. #24496, @Clarity-89 - Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss - Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo - Table: Fixed persisting column resize for time series fields. #24505, @torkelo - Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark - Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn - Transformations: Make transform dropdowns not cropped. #24615, @dprokop - Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark - Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark - Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark - Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark - Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas - SAML: Switch from email to login for user login attribute mapping (Enterprise) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1170557 CVE-2019-15043 CVE-2020-12245 CVE-2020-13379 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium was updated to 83.0.4103.116 (boo#1173251): * CVE-2020-6509: Use after free in extensions Chromium was updated to 83.0.4103.106 (boo#1173029): * CVE-2020-6505: Use after free in speech * CVE-2020-6506: Insufficient policy enforcement in WebView * CVE-2020-6507: Out of bounds write in V8 Other fixes: - Add patch to work with new ffmpeg wrt boo#1173292: - Add multimedia fix for disabled location and also try one additional patch from Debian on the same issue boo#1173107 - Disable wayland integration on 15.x boo#1173187 boo#1173188 boo#1173254 - Enforce to not use system borders boo#1173063 Important SUSE bug 1173029 SUSE bug 1173063 SUSE bug 1173107 SUSE bug 1173187 SUSE bug 1173188 SUSE bug 1173251 SUSE bug 1173254 SUSE bug 1173292 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for graphviz fixes the following issues: Security issue fixed: - CVE-2019-11023: Fixed a denial of service vulnerability, which was caused by a NULL pointer dereference in agroot() (bsc#1132091). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1132091 CVE-2019-11023 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for unbound fixes the following issues: - CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target (bsc#1171889). - CVE-2020-12663: Fixed an issue where malformed answers from upstream name servers could have been used to make unbound unresponsive (bsc#1171889). - CVE-2019-18934: Fixed a vulnerability in the IPSec module which could have allowed code execution after receiving a special crafted answer (bsc#1157268). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1157268 SUSE bug 1171889 CVE-2019-18934 CVE-2020-12662 CVE-2020-12663 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for squid fixes the following issues: squid was updated to version 4.12 Security issue fixed: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake (bsc#1173304). Other issues addressed: - Reverted to slow search for new SMP shm pages due to a regression - Fixed an issue where negative responses were never cached - Fixed stall if transaction was overwriting a recently active cache entry This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173304 CVE-2020-14059 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mutt fixes the following issues: - CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197). - CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935). - CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172906 SUSE bug 1172935 SUSE bug 1173197 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: Opera was updated to version 68.0.3618.104 - CHR-7909 Update chromium on desktop-stable-81-3618 to 81.0.4044.138 - CVE-2020-6831, CVE-2020-6464 - DNA-85609 [Mac] Tabs shrinking & disappearing - DNA-85629 Crash at opera::DownloadButtonPanel::ShouldShowCancelButton() - DNA-85669 Add mocking of AddressDropdownModel in AddressBarControllerTest - DNA-85678 Wrong badge icon on pages with mixed content on desktop-stable-81-3618 - DNA-85820 Flags are blue in default [D] state after restart - DNA-85822 Full screen snap on pkobp.pl - DNA-86077 Problem to upload .JPG file as an wallpaper - DNA-86165 Downloads list doesn’t returns to its original state after clearing search filter - DNA-86236 [Mac] Plus button click area too small - DNA-86241 X tab button is not visible - DNA-86217 Fix performance issue with Background Worker Important CVE-2020-6464 CVE-2020-6831 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-19462: relay_open in kernel/relay.c allowed local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (bnc#1158265). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). - CVE-2019-20812: The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067 (bnc#1172453). - CVE-2020-10711: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-10751: SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2020-10766: Fixed rogue cross-process SSBD shutdown. Linux scheduler logical bug allowed an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Fixed that Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-10768: Fixed that indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command (bnc#1172783). - CVE-2020-10773: Fixed a kernel stack information leak on s390/s390x. (bnc#1172999). - CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation due to lack of certain domain_release calls (bnc#1171219). - CVE-2020-12769: An issue was discovered in drivers/spi/spi-dw.c allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8 (bnc#1171983). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-13143: gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c relied on kstrdup without considering the possibility of an internal '\0' value, which allowed attackers to trigger an out-of-bounds read, aka CID-15753588bcd4 (bnc#1171982). - CVE-2020-13974: tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). The following non-security bugs were fixed: - ACPICA: Fixes for acpiExec namespace init file (git-fixes). - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (git-fixes). - ACPI: GED: add support for _Exx / _Lxx handler methods (git-fixes). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (git-fixes). - ACPI: PM: Avoid using power resources if there are none for D0 (git-fixes). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (git-fixes). - af_unix: add compat_ioctl support (git-fixes). - agp/intel: Reinforce the barrier after GTT updates (git-fixes). - ALSA: emu10k1: delete an unnecessary condition (git-fixes). - ALSA: es1688: Add the missed snd_card_free() (git-fixes). - ALSA: fireface: fix configuration error for nominal sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix invalid assignment to union data for directional parameter (git-fixes). - ALSA: hda: Add ElkhartLake HDMI codec vid (git-fixes). - ALSA: hda: add member to store ratio for stripe control (git-fixes). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (git-fixes). - ALSA: hda/realtek - Add LED class support for micmute LED (git-fixes). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Enable micmute LED on and HP system (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (git-fixes). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (git-fixes). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (git-fixes). - ALSA: hda/tegra: correct number of SDO lines for Tegra194 (git-fixes). - ALSA: hda/tegra: workaround playback failure on Tegra194 (git-fixes). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: pcm: disallow linking stream to itself (git-fixes). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: fix snd_pcm_link() lockdep splat (git-fixes). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (git-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (git-fixes). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (git-fixes). - ALSA: usb-audio: Clean up quirk entries with macros (git-fixes). - ALSA: usb-audio: Fix a limit check in proc_dump_substream_formats() (git-fixes). - ALSA: usb-audio: Fix inconsistent card PM state after resume (git-fixes). - ALSA: usb-audio: fixing upper volume limit for RME Babyface Pro routing crosspoints (git-fixes). - ALSA: usb-audio: Fixing usage of plain int instead of NULL (git-fixes). - ALSA: usb-audio: Fix racy list management in output queue (git-fixes). - ALSA: usb-audio: Improve frames size computation (git-fixes). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (git-fixes). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Print more information in stream proc files (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usb-audio: Remove async workaround for Scarlett 2nd gen (git-fixes). - ALSA: usb-audio: RME Babyface Pro mixer patch (git-fixes). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (git-fixes). - amd-xgbe: Use __napi_schedule() in BH context (networking-stable-20_04_17). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12424). - ARM: oxnas: make ox820_boot_secondary static (git-fixes). - asm-gemeric/tlb: remove stray function declarations (bsc#1156395). - ASoC: fix incomplete error-handling in img_i2s_in_probe (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet (git-fixes). - ASoC: intel: cht_bsw_max98090_ti: Add all Chromebooks that need pmc_plt_clk_0 quirk (bsc#1171246). - ASoC: intel - fix the card names (git-fixes). - ASoC: max9867: fix volume controls (git-fixes). - ASoC: meson: add missing free_irq() in error path (git-fixes). - ASoC: rt5645: Add platform-data for Asus T101HA (git-fixes). - ASoC: SOF: core: fix error return code in sof_probe_continue() (git-fixes). - ASoC: ux500: mop500: Fix some refcounted resources issues (git-fixes). - ath10k: Remove ath10k_qmi_register_service_notifier() declaration (git-fixes). - ath10k: remove the max_sched_scan_reqs value (git-fixes). - ath10k: Skip handling del_server during driver exit (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (git-fixes). - ath9k: Fix use-after-free Read in htc_connect_service (git-fixes). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (git-fixes). - ax25: fix setsockopt(SO_BINDTODEVICE) (git-fixes). - b43legacy: Fix case where channel status is corrupted (git-fixes). - bfq: Avoid false bfq queue merging (bsc#1171513). - bfq: Fix check detecting whether waker queue should be selected (bsc#1168838). - bfq: Use only idle IO periods for think time calculations (bsc#1171513). - bfq: Use 'ttime' local variable (bsc#1171513). - blk-iocost: Fix error on iocost_ioc_vrate_adj (bsc#1173206). - blk-iocost: fix incorrect vtime comparison in iocg_is_idle() (bsc#1173206). - bluetooth: btmtkuart: Improve exception handling in btmtuart_probe() (git-fixes). - bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bnxt_en: Improve TQM ring context memory sizing formulas (jsc#SLE-8371 bsc#1153274). - bpf: Fix map permissions check (bsc#1155518). - bpf: Prevent mmap()'ing read-only maps as writable (bsc#1155518). - bpf: Restrict bpf_probe_read{, str}() only to archs where they work (bsc#1172344). - bpf, sockhash: Synchronize_rcu before free'ing map (git-fixes). - bpf, sockmap: Check update requirements after locking (git-fixes). - bpf: Undo internal BPF_PROBE_MEM in BPF insns dump (bsc#1155518). - brcmfmac: fix wrong location to get firmware feature (git-fixes). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - CDC-ACM: heed quirk also in error handling (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: add comments for handle_cap_flush_ack logic (bsc#1172940). - ceph: allow rename operation under different quota realms (bsc#1172988). - ceph: ceph_kick_flushing_caps needs the s_mutex (bsc#1172986). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1172984 bsc#1167104). - ceph: document what protects i_dirty_item and i_flushing_item (bsc#1172940). - ceph: do not release i_ceph_lock in handle_cap_trunc (bsc#1172940). - ceph: do not return -ESTALE if there's still an open file (bsc#1171915). - ceph: do not take i_ceph_lock in handle_cap_import (bsc#1172940). - ceph: fix potential race in ceph_check_caps (bsc#1172940). - ceph: flush release queue when handling caps for unknown inode (bsc#1172939). - ceph: make sure mdsc->mutex is nested in s->s_mutex to fix dead lock (bsc#1172989). - ceph: normalize 'delta' parameter usage in check_quota_exceeded (bsc#1172987). - ceph: reorganize __send_cap for less spinlock abuse (bsc#1172940). - ceph: request expedited service on session's last cap flush (bsc#1172985 bsc#1167104). - ceph: reset i_requested_max_size if file write is not wanted (bsc#1172983). - ceph: skip checking caps when session reconnecting and releasing reqs (bsc#1172990). - ceph: split up __finish_cap_flush (bsc#1172940). - ceph: throw a warning if we destroy session with mutex still locked (bsc#1172940). - char/random: Add a newline at the end of the file (jsc#SLE-12424). - clk: bcm2835: Fix return type of bcm2835_register_gate (git-fixes). - clk: bcm2835: Remove casting to bcm2835_clk_register (git-fixes). - clk: clk-flexgen: fix clock-critical handling (git-fixes). - clk: mediatek: assign the initial value to clk_init_data of mtk_mux (git-fixes). - clk: meson: meson8b: Do not rely on u-boot to init all GP_PLL registers (git-fixes). - clk: meson: meson8b: Fix the polarity of the RESET_N lines (git-fixes). - clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits (git-fixes). - clk: qcom: Add missing msm8998 ufs_unipro_core_clk_src (git-fixes). - clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling (git-fixes). - clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical (git-fixes). - clk: sprd: return correct type of value for _sprd_pll_recalc_rate (git-fixes). - clk: sunxi: Fix incorrect usage of round_down() (git-fixes). - clk: ti: am33xx: fix RTC clock parent (git-fixes). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (git-fixes). - component: Silence bind error on -EPROBE_DEFER (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1172739 - coredump: fix crash when umh is disabled (git-fixes). - coredump: fix null pointer dereference on coredump (git-fixes). - crypto: algapi - Avoid spurious modprobe on LOADED (git-fixes). - crypto: algboss - do not wait during notifier callback (git-fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp -- do not 'select' CONFIG_DMADEVICES (git-fixes). - crypto: chelsio/chtls: properly set tp->lsndtime (git-fixes). - crypto: drbg - fix error return code in drbg_alloc_state() (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: stm32/crc32 - fix multi-instance (git-fixes). - crypto: stm32/crc32 - fix run-time self test issue (git-fixes). - cxgb4: fix adapter crash due to wrong MC size (networking-stable-20_04_27). - cxgb4: fix large delays in PTP synchronization (networking-stable-20_04_27). - Delete patches.suse/seltests-powerpc-Add-a-selftest-for-memcpy_mcsafe.patch (bsc#1171699). - dma-coherent: fix integer overflow in the reserved-memory dma allocation (git-fixes). - dma-debug: fix displaying of dma allocation type (git-fixes). - dma-direct: fix data truncation in dma_direct_get_required_mask() (git-fixes). - dmaengine: dmatest: Fix process hang when reading 'wait' parameter (git-fixes). - dmaengine: dmatest: Restore default for channel (git-fixes). - dmaengine: mmp_tdma: Do not ignore slave config validation errors (git-fixes). - dmaengine: mmp_tdma: Reset channel error on release (git-fixes). - dmaengine: owl: Use correct lock in owl_dma_get_pchan() (git-fixes). - dmaengine: pch_dma.c: Avoid data race between probe and irq handler (git-fixes). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (git-fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: phy: sr-usb: do not use internal fsm for USB2 phy init (git-fixes). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (git-fixes). - drm/amd/display: add basic atomic check for cursor plane (git-fixes). - drm/amd/display: drop cursor position check in atomic test (git-fixes). - drm/amd/display: Prevent dpcd reads with passive dongles (git-fixes). - drm/amdgpu: force fbdev into vram (bsc#1152472) * context changes - drm/amdgpu: invalidate L2 before SDMA IBs (v2) (git-fixes). - drm/amdgpu: simplify padding calculations (v2) (git-fixes). - drm/amd/powerplay: avoid using pm_en before it is initialized revised (git-fixes). - drm/amd/powerplay: perform PG ungate prior to CG ungate (git-fixes). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (git-fixes). - drm/edid: Add Oculus Rift S to non-desktop list (git-fixes). - drm: encoder_slave: fix refcouting error for modules (git-fixes). - drm/etnaviv: fix perfmon domain interation (git-fixes). - drm/etnaviv: rework perfmon query infrastructure (git-fixes). - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is (bsc#1152489) - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is disabled (git-fixes). - drm/i915: extend audio CDCLK>=2*BCLK constraint to more platforms (git-fixes). - drm/i915: Extend WaDisableDARBFClkGating to icl,ehl,tgl (bsc#1152489) - drm/i915: fix port checks for MST support on gen >= 11 (git-fixes). - drm/i915/gem: Avoid iterating an empty list (git-fixes). - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (bsc#1152489) - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (git-fixes). - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1152489) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance (git-fixes). - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1152489) * context changes - drm/i915: HDCP: fix Ri prime check done during link check (git-fixes). - drm/i915: Limit audio CDCLK>=2*BCLK constraint back to GLK only (git-fixes). - drm/i915: Propagate error from completed fences (git-fixes). - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (git-fixes). - drm/i915: work around false-positive maybe-uninitialized warning (git-fixes). - drm/mcde: dsi: Fix return value check in mcde_dsi_bind() (git-fixes). - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() (git-fixes). - drm/sun4i: hdmi ddc clk: Fix size of m divider (git-fixes). - drm/vkms: Hold gem object while still in-use (git-fixes). - dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() (git-fixes). - e1000e: Disable TSO for buffer overrun workaround (git-fixes). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (git-fixes). - EDAC/amd64: Add PCI device IDs for family 17h, model 70h (bsc#1165975). - EDAC/ghes: Setup DIMM label from DMI and use it in error reports (bsc#1168779). - EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable (bsc#1152489). - EDAC/synopsys: Do not dump uninitialized pinf->col (bsc#1152489). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12424). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12424). - efi/tpm: Verify event log header before parsing (bsc#1173461). - eventpoll: fix missing wakeup for ovflist in ep_poll_callback (bsc#1159867). - evm: Check also if *tfm is an error pointer in init_desc() (git-fixes). - evm: Fix a small race in init_desc() (git-fixes). - evm: Fix possible memory leak in evm_calc_hmac_or_hash() (git-fixes). - evm: Fix RCU list related warnings (git-fixes). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (git-fixes). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fdt: add support for rng-seed (jsc#SLE-12424). - fdt: Update CRC check for rng-seed (jsc#SLE-12424). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (git-fixes). - firmware: imx-scu: Support one TX and one RX (git-fixes). - firmware: imx: warn on unexpected RX (git-fixes). - firmware: qcom_scm: fix bogous abuse of dma-direct internals (git-fixes). - firmware: xilinx: Fix an error handling path in 'zynqmp_firmware_probe()' (git-fixes). - Fix a regression of AF_ALG crypto interface hang with aes_s390 (bsc#1167651) - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fs: Do not check if there is a fsnotify watcher on pseudo inodes (bsc#1158765). - fsnotify: Rearrange fast path to minimise overhead when there is no watcher (bsc#1158765). - genetlink: clean up family attributes allocations (git-fixes). - genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() (bsc#1154353). - gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() (git-fixes). - gpio: dwapb: Append MODULE_ALIAS for platform driver (git-fixes). - gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-registration (git-fixes). - gpio: exar: Fix bad handling for ida_simple_get error path (git-fixes). - gpiolib: Document that GPIO line names are not globally unique (git-fixes). - gpio: pca953x: Fix pca953x_gpio_set_config (git-fixes). - gpio: pxa: Fix return value of pxa_gpio_probe() (git-fixes). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (git-fixes). - gpu/drm: Ingenic: Fix opaque pointer casted to wrong type (git-fixes). - habanalabs: Align protection bits configuration of all TPCs (git-fixes). - HID: alps: Add AUI1657 device ID (git-fixes). - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead (git-fixes). - HID: i2c-hid: add Schneider SCL142ALM to descriptor override (git-fixes). - HID: i2c-hid: reset Synaptics SYNA2393 on resume (git-fixes). - HID: intel-ish-hid: avoid bogus uninitialized-variable warning (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (git-fixes). - HID: multitouch: enable multi-input as a quirk for some devices (git-fixes). - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (git-fixes). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: altera: Fix race between xfer_msg and isr thread (git-fixes). - i2c: designware-pci: Add support for Elkhart Lake PSE I2C (jsc#SLE-12734). - i2c: designware-pci: Fix BUG_ON during device removal (jsc#SLE-12734). - i2c: designware-pci: Switch over to MSI interrupts (jsc#SLE-12734). - i2c: dev: Fix the race between the release of i2c_dev and cdev (git-fixes). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (git-fixes). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ice: Fix error return code in ice_add_prof() (jsc#SLE-7926). - ice: Fix inability to set channels when down (jsc#SLE-7926). - ieee80211: Fix incorrect mask for default PE duration (git-fixes). - iio: adc: stm32-adc: fix device used to request dma (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: stm32-dfsdm: fix device used to request dma (git-fixes). - iio: adc: stm32-dfsdm: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: ti-ads8344: Fix channel selection (git-fixes). - iio: buffer: Do not allow buffers without any channels enabled to be activated (git-fixes). - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak (git-fixes). - iio:chemical:sps30: Fix timestamp alignment (git-fixes). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (git-fixes). - iio: pressure: bmp280: Tolerate IRQ before registering (git-fixes). - iio: sca3000: Remove an erroneous 'get_device()' (git-fixes). - iio: vcnl4000: Fix i2c swapped word reading (git-fixes). - ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() (bsc#1172223). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1172223) - ima: Directly free *entry in ima_alloc_init_template() if digests is NULL (bsc#1172223). - ima: Remove __init annotation from ima_pcrread() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: dlink-dir685-touchkeys - fix a typo in driver name (git-fixes). - Input: edt-ft5x06 - fix get_default register write access (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (git-fixes). - Input: i8042 - add ThinkPad S230u to i8042 reset list (git-fixes). - Input: mms114 - fix handling of mms345l (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (git-fixes). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (git-fixes). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (git-fixes). - Input: xpad - add custom init packet for Xbox One S controllers (git-fixes). - iocost: check active_list of all the ancestors in iocg_activate() (bsc#1173206). - iocost: do not let vrate run wild while there's no saturation signal (bsc1173206). - iocost: over-budget forced IOs should schedule async delay (bsc#1173206). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172061). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172062). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172063). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172393). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172064). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172065). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172066). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172394). - iommu/qcom: Fix local_base status check (bsc#1172067). - iommu/virtio: Reverse arguments to list_add (bsc#1172068). - ipv4: Update fib_select_default to handle nexthop objects (networking-stable-20_04_27). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipvs: Improve robustness to the ipvs sysctl (git-fixes). - irqchip/al-fic: Add support for irq retrigger (jsc#SLE-10505). - irqchip/ti-sci-inta: Fix processing of masked irqs (git-fixes). - irqchip/versatile-fpga: Apply clear-mask earlier (git-fixes). - irqchip/versatile-fpga: Handle chained IRQs properly (git-fixes). - iwlwifi: avoid debug max amsdu config overwriting itself (git-fixes). - iwlwifi: mvm: limit maximum queue appropriately (git-fixes). - iwlwifi: pcie: handle QuZ configs with killer NICs as well (bsc#1172374). - jbd2: fix data races at struct journal_head (bsc#1173438). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12424). - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kABI workaround for struct hdac_bus changes (git-fixes). - ktest: Add timeout for ssh sync testing (git-fixes). - KVM: Check validity of resolved slot when searching memslots (bsc#1172069). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libbpf: Fix perf_buffer__free() API for sparse allocs (bsc#1155518). - libceph: ignore pool overlay and cache logic on redirects (bsc#1172938). - lib: devres: add a helper function for ioremap_uc (git-fixes). - libertas_tf: avoid a null dereference in pointer priv (git-fixes). - lib/lzo: fix ambiguous encoding bug in lzo-rle (git-fixes). - libnvdimm/btt: fix variable 'rc' set but not used (bsc#1162400). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm: cover up nd_region changes (bsc#1162400). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/namespace: Enforce memremap_compat_align() (bsc#1162400). - libnvdimm/namsepace: Do not set claim_class on error (bsc#1162400). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm: Out of bounds read in __nd_ioctl() (bsc#1065729). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Fix build error (bsc#1162400). - libnvdimm/region: Introduce an 'align' attribute (bsc#1162400). - libnvdimm/region: Introduce NDD_LABELING (bsc#1162400). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - lib: Uplevel the pmem 'region' ida to a global allocator (bc#1162400). - list: Add hlist_unhashed_lockless() (bsc#1173438). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locktorture: Allow CPU-hotplug to be disabled via --bootargs (bsc#1173068). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1171530). - lpfc: fix axchg pointer reference after free and double frees (bsc#1171530). - lpfc: Fix pointer checks and comments in LS receive refactoring (bsc#1171530). - lpfc: Fix return value in __lpfc_nvme_ls_abort (bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: mesh: fix discovery timer re-arming issue / crash (git-fixes). - mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe() (git-fixes). - Make the 'Reducing compressed framebufer size' message be DRM_INFO_ONCE() (git-fixes). - mdraid: fix read/write bytes accounting (bsc#1172537). - media: cedrus: Program output format during each run (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (git-fixes). - media: platform: fcp: Set appropriate DMA parameters (git-fixes). - media: Revert 'staging: imgu: Address a compiler warning on alignment' (git-fixes). - media: staging: ipu3: Fix stale list entries on parameter queue failure (git-fixes). - media: staging: ipu3-imgu: Move alignment attribute to field (git-fixes). - mei: release me_cl object reference (git-fixes). - mfd: intel-lpss: Add Intel Tiger Lake PCI IDs (jsc#SLE-12737). - mfd: intel-lpss: Use devm_ioremap_uc for MMIO (git-fixes). - mfd: stmfx: Fix stmfx_irq_init error path (git-fixes). - mfd: stmfx: Reset chip on resume as supply was disabled (git-fixes). - misc: fastrpc: fix potential fastrpc_invoke_ctx leak (git-fixes). - misc: rtsx: Add short delay after exit from ASPM (git-fixes). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mm: adjust vm_committed_as_batch according to vm overcommit policy (bnc#1173271). - mmc: block: Fix use-after-free issue for rpmb (git-fixes). - mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE (git-fixes). - mmc: fix compilation of user API (git-fixes). - mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error (git-fixes). - mmc: mmci_sdmmc: fix DMA API warning overlapping mappings (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (git-fixes). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (git-fixes). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (git-fixes). - mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() (git-fixes). - mmc: tmio: Further fixup runtime PM management at remove (git-fixes). - mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() (git-fixes). - mm: do not prepare anon_vma if vma has VM_WIPEONFORK (bsc#1169681). - mm: memcontrol: fix memory.low proportional distribution (bsc#1168230). - mm/memremap: drop unused SECTION_SIZE and SECTION_MASK (bsc#1162400 bsc#1170895 ltc#184375 ltc#185686). - mm/memremap_pages: Introduce memremap_compat_align() (bsc#1162400). - mm/memremap_pages: Kill unused __devm_memremap_pages() (bsc#1162400). - mm/util.c: make vm_memory_committed() more accurate (bnc#1173271). - mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter (git-fixes). - mtd: Fix mtd not registered due to nvmem name collision (git-fixes). - mtd: rawnand: brcmnand: correctly verify erased pages (git-fixes). - mtd: rawnand: brcmnand: fix CS0 layout (git-fixes). - mtd: rawnand: brcmnand: fix hamming oob layout (git-fixes). - mtd: rawnand: diskonchip: Fix the probe error path (git-fixes). - mtd: rawnand: Fix nand_gpio_waitrdy() (git-fixes). - mtd: rawnand: ingenic: Fix the probe error path (git-fixes). - mtd: rawnand: marvell: Fix probe error path (git-fixes). - mtd: rawnand: marvell: Fix the condition on a return code (git-fixes). - mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered (git-fixes). - mtd: rawnand: mtk: Fix the probe error path (git-fixes). - mtd: rawnand: onfi: Fix redundancy detection check (git-fixes). - mtd: rawnand: orion: Fix the probe error path (git-fixes). - mtd: rawnand: oxnas: Keep track of registered devices (git-fixes). - mtd: rawnand: oxnas: Release all devices in the _remove() path (git-fixes). - mtd: rawnand: pasemi: Fix the probe error path (git-fixes). - mtd: rawnand: plat_nand: Fix the probe error path (git-fixes). - mtd: rawnand: sharpsl: Fix the probe error path (git-fixes). - mtd: rawnand: socrates: Fix the probe error path (git-fixes). - mtd: rawnand: sunxi: Fix the probe error path (git-fixes). - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings (git-fixes). - mtd: rawnand: tmio: Fix the probe error path (git-fixes). - mtd: rawnand: xway: Fix the probe error path (git-fixes). - mtd: spinand: Propagate ECC information to the MTD structure (git-fixes). - mtd: spi-nor: intel-spi: Add support for Intel Tiger Lake SPI serial flash (jsc#SLE-12737). - mwifiex: avoid -Wstringop-overflow warning (git-fixes). - mwifiex: Fix memory corruption in dump_station (git-fixes). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: declare lockless TX feature for slave ports (bsc#1154353). - net: dsa: mt7530: fix tagged frames pass-through in VLAN-unaware mode (networking-stable-20_04_17). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1154492). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1154492). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions (git-fixes). - netfilter: nft_tproxy: Fix port selector on Big Endian (git-fixes). - netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy (git-fixes). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5e: Add missing release firmware call (networking-stable-20_04_17). - net/mlx5e: Fix pfnum in devlink port attribute (networking-stable-20_04_17). - net/mlx5e: Fix stats update for matchall classifier (jsc#SLE-8464). - net/mlx5e: replace EINVAL in mlx5e_flower_parse_meta() (jsc#SLE-8464). - net/mlx5: Fix cleaning unmanaged flow tables (jsc#SLE-8464). - net/mlx5: Fix crash upon suspend/resume (bsc#1172365). - net/mlx5: Fix frequent ioread PCI access during recovery (networking-stable-20_04_17). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net: openvswitch: ovs_ct_exit to be done under ovs_lock (networking-stable-20_04_27). - net: phy: propagate an error back to the callers of phy_sfp_probe (bsc#1154353). - net: qrtr: send msgs from local of same id as broadcast (networking-stable-20_04_17). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net: revert 'net: get rid of an signed integer overflow in ip_idents_reserve()' (bnc#1158748 (network regression)). - net: tun: record RX queue in skb before do_xdp_generic() (networking-stable-20_04_17). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - NFC: st21nfca: add missed kfree_skb() in an error path (git-fixes). - nfs: add minor version to nfs_server_key for fscache (bsc#1172467). - nfsd4: make drc_slab global, not per-net (git-fixes). - nfsd: always check return value of find_any_file (bsc#1172208). - NFS: Fix fscache super_cookie index_key from changing after umount (git-fixes). - nfs: fix NULL deference in nfs4_get_valid_delegation. - nfs: fscache: use timespec64 in inode auxdata (git-fixes). - nfs: set invalid blocks after NFSv4 writes (git-fixes). - NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION (git-fixes). - NFSv4: Fix fscache cookie aux_data to ensure change_attr is included (git-fixes). - ntb: intel: add hw workaround for NTB BAR alignment (jsc#SLE-12710). - ntb: intel: Add Icelake (gen4) support for Intel NTB (jsc#SLE-12710). - ntb: intel: fix static declaration (jsc#SLE-12710). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme-fc: avoid gcc-10 zero-length-bounds warning (bsc#1173206). - nvme-fc: do not call nvme_cleanup_cmd() for AENs (bsc#1171688). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Allow no-op CFI ops in alternatives (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix !CFI insn_state propagation (bsc#1169514). - objtool: Fix ORC vs alternatives (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Remove check preventing branches within alternative (bsc#1169514). - objtool: Rename struct cfi_state (bsc#1169514). - objtool: Uniquely identify alternative instruction groups (bsc#1169514). - p54usb: add AirVasT USB stick device-id (git-fixes). - panic: do not print uninitialized taint_flags (bsc#1172814). - PCI: Allow pci_resize_resource() for devices on root bus (git-fixes). - PCI: amlogic: meson: Do not use FAST_LINK_MODE to set up link (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - pcie: mobiveil: remove patchset v9 Prepare to backport upstream version. - PCI: Fix pci_register_host_bridge() device_register() error handling (git-fixes). - PCI: mobiveil: Add 8-bit and 16-bit CSR register accessors (bsc#1161495). - PCI: mobiveil: Add callback function for interrupt initialization (bsc#1161495). - PCI: mobiveil: Add callback function for link up check (bsc#1161495). - PCI: mobiveil: Add Header Type field check (bsc#1161495). - PCI: mobiveil: Add PCIe Gen4 RC driver for Layerscape SoCs (bsc#1161495). - PCI: mobiveil: Allow mobiveil_host_init() to be used to re-init host (bsc#1161495). - PCI: mobiveil: Collect the interrupt related operations into a function (bsc#1161495). - PCI: mobiveil: Fix sparse different address space warnings (bsc#1161495). - PCI: mobiveil: Fix unmet dependency warning for PCIE_MOBIVEIL_PLAT (bsc#1161495). - PCI: mobiveil: Introduce a new structure mobiveil_root_port (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011451 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011577 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: fix SError when accessing config space (bsc#1161495). - PCI: mobiveil: Modularize the Mobiveil PCIe Host Bridge IP driver (bsc#1161495). - PCI: mobiveil: Move the host initialization into a function (bsc#1161495). - PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (git-fixes). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths (git-fixes). - PCI: vmd: Filter resource type bits from shadow register (git-fixes). - pcm_native: result of put_user() needs to be checked (git-fixes). - perf/core: Fix endless multiplex timer (git-fixes). - perf/core: fix parent pid/tid in task exit events (git-fixes). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (git-fixes). - pinctrl: intel: Add Intel Tiger Lake pin controller support (jsc#SLE-12737). - pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2 (git-fixes). - pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries (git-fixes). - pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 (git-fixes). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (git-fixes). - pinctrl: sprd: Fix the incorrect pull-up definition (git-fixes). - pinctrl: stmfx: stmfx_pinconf_set does not require to get direction anymore (git-fixes). - pinctrl: tigerlake: Tiger Lake uses _HID enumeration (jsc#SLE-12737). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (git-fixes). - platform/x86: dell-laptop: do not register micmute LED if there is no token (git-fixes). - platform/x86: intel-vbtn: Also handle tablet-mode switch on 'Detachable' and 'Portable' chassis-types (git-fixes). - platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there (git-fixes). - platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / 'Laptop' chasis-type (git-fixes). - platform/x86: intel-vbtn: Split keymap into buttons and switches parts (git-fixes). - platform/x86: intel-vbtn: Use acpi_evaluate_integer() (git-fixes). - PM: runtime: clk: Fix clk_pm_runtime_get() error path (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git-fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s/exception: Fix machine check no-loss idle wakeup (bsc#1156395). - powerpc/64s/kuap: Restore AMR in system reset exception (bsc#1156395). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again (bsc#1172344). - powerpc/fadump: Account for memory_limit while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: consider reserved ranges while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: use static allocation for reserved memory ranges (jsc#SLE-9099 git-fixes). - powerpc/kuap: PPC_KUAP_DEBUG should depend on PPC_KUAP (bsc#1156395). - powerpc/powernv: Fix a warning message (bsc#1156395). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - power: reset: qcom-pon: reg write mask depends on pon generation (git-fixes). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (git-fixes). - power: supply: core: fix HWMON temperature labels (git-fixes). - power: supply: core: fix memory leak in HWMON error path (git-fixes). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (git-fixes). - power: supply: smb347-charger: IRQSTAT_D is volatile (git-fixes). - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready (bsc#1172095). - proc/meminfo: avoid open coded reading of vm_committed_as (bnc#1173271). - pwm: sun4i: Move pwm_calculate() out of spin_lock() (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (git-fixes). - r8169: Revive default chip version for r8168 (bsc#1173085). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - random: fix data races at timer_rand_state (bsc#1173438). - rcu: Avoid data-race in rcu_gp_fqs_check_wake() (bsc#1171828). - rcu: Fix data-race due to atomic_t copy-by-value (bsc#1171828). - rcu: Make rcu_read_unlock_special() checks match raise_softirq_irqoff() (bsc#1172046). - rcu: Simplify rcu_read_unlock_special() deferred wakeups (bsc#1172046). - rcutorture: Add 100-CPU configuration (bsc#1173068). - rcutorture: Add worst-case call_rcu() forward-progress results (bsc#1173068). - rcutorture: Dispense with Dracut for initrd creation (bsc#1173068). - rcutorture: Make kvm-find-errors.sh abort on bad directory (bsc#1173068). - rcutorture: Remove CONFIG_HOTPLUG_CPU=n from scenarios (bsc#1173068). - rcutorture: Summarize summary of build and run results (bsc#1173068). - rcutorture: Test TREE03 with the threadirqs kernel boot parameter (bsc#1173068). - rcu: Use *_ONCE() to protect lockless ->expmask accesses (bsc#1171828). - rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls (bsc#1173438). - RDMA/bnxt_re: Remove dead code from rcfw (bsc#1170774). - RDMA/core: Move and rename trace_cm_id_create() (jsc#SLE-8449). - RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (jsc#SLE-8446). - RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET (bsc#1172841). - RDMA/srpt: Fix disabling device management (jsc#SLE-8449). - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (jsc#SLE-8449). - remoteproc: Add missing '\n' in log messages (git-fixes). - remoteproc: Fall back to using parent memory pool if no dedicated available (git-fixes). - remoteproc: Fix and restore the parenting hierarchy for vdev (git-fixes). - remoteproc: Fix IDR initialisation in rproc_alloc() (git-fixes). - Revert 'drm/amd/display: disable dcn20 abm feature for bring up' (git-fixes). - Revert 'fs/seq_file.c: seq_read(): add info message about buggy .next functions' (bsc#1172751) The message floods dmesg and its benefit is marginal in default kernel. - Revert 'pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()'' (git-fixes). - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/modules.fips: * add aes-ce-ccm and des3_ede-x86_64 (boo#173030) * add aes_ti and aes_neon_bs (boo#1172956) - rtc: mc13xxx: fix a double-unlock issue (git-fixes). - rtc: rv3028: Add missed check for devm_regmap_init_i2c() (git-fixes). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (git-fixes). - rtw88: fix an issue about leak system resources (git-fixes). - rxrpc: Fix call RCU cleanup using non-bh-safe locks (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194, LTC#185911). - s390/pci: Log new handle in clp_disable_fh() (git-fixes). - sched/cfs: change initial value of runnable_avg (bsc#1158765). - sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1172823). - sched/core: Fix PI boosting between RT and DEADLINE tasks (git fixes (sched)). - sched/core: Fix ttwu() race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: s/WF_ON_RQ/WQ_ON_CPU/ (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cpuacct: Fix charge cpuacct.usage_sys (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/deadline: Initialize ->dl_boosted (bsc#1172823). - sched/deadline: Initialize ->dl_boosted (git fixes (sched)). - sched: etf: do not assume all sockets are full blown (networking-stable-20_04_27). - sched/fair: find_idlest_group(): Remove unused sd_flag parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Fix enqueue_task_fair() warning some more (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix nohz next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize dequeue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize enqueue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Simplify the code of should_we_balance() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Make newidle_balance() static again (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Offload wakee task activation if it the wakee is descheduling (bnc#1158748, bnc#1159781). - sched: Optimize ttwu() spinning on p->on_cpu (bnc#1158748, bnc#1159781). - sched/pelt: Sync util/runnable_sum with PELT window when propagating (bnc#1155798 (CPU scheduler functional and performance backports)). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Copyright updates for 12.6.0.4 patches (bsc#1171530). - scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1171530). - scsi: lpfc: Fix incomplete NVME discovery when target (bsc#1171530). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bsc#1171530). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: fix spelling mistakes of asynchronous (bsc#1171530). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Make lpfc_defer_acc_rsp static (bsc#1171530). - scsi: lpfc: remove duplicate unloading checks (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (bsc#1173206). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: sd_zbc: Fix sd_zbc_complete() (bsc#1173206). - scsi: smartpqi: Update attribute name to `driver_version` (bsc#1173206). - scsi: zfcp: add diagnostics buffer for exchange config data (bsc#1158050). - scsi: zfcp: auto variables for dereferenced structs in open port handler (bsc#1158050). - scsi: zfcp: diagnostics buffer caching and use for exchange port data (bsc#1158050). - scsi: zfcp: enhance handling of FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: expose fabric name as common fc_host sysfs attribute (bsc#1158050). - scsi: zfcp: Fence adapter status propagation for common statuses (bsc#1158050). - scsi: zfcp: Fence early sysfs interfaces for accesses of shost objects (bsc#1158050). - scsi: zfcp: Fence fc_host updates during link-down handling (bsc#1158050). - scsi: zfcp: fix fc_host attributes that should be unknown on local link down (bsc#1158050). - scsi: zfcp: fix wrong data and display format of SFP+ temperature (bsc#1158050). - scsi: zfcp: implicitly refresh config-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: implicitly refresh port-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: introduce sysfs interface for diagnostics of local SFP transceiver (bsc#1158050). - scsi: zfcp: introduce sysfs interface to read the local B2B-Credit (bsc#1158050). - scsi: zfcp: log FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: log FC Endpoint Security of connections (bsc#1158050). - scsi: zfcp: Move allocation of the shost object to after xconf- and xport-data (bsc#1158050). - scsi: zfcp: Move fc_host updates during xport data handling into fenced function (bsc#1158050). - scsi: zfcp: move maximum age of diagnostic buffers into a per-adapter variable (bsc#1158050). - scsi: zfcp: Move p-t-p port allocation to after xport data (bsc#1158050). - scsi: zfcp: Move shost modification after QDIO (re-)open into fenced function (bsc#1158050). - scsi: zfcp: Move shost updates during xconfig data handling into fenced function (bsc#1158050). - scsi: zfcp: proper indentation to reduce confusion in zfcp_erp_required_act (bsc#1158050). - scsi: zfcp: report FC Endpoint Security in sysfs (bsc#1158050). - scsi: zfcp: signal incomplete or error for sync exchange config/port data (bsc#1158050). - scsi: zfcp: support retrieval of SFP Data via Exchange Port Data (bsc#1158050). - scsi: zfcp: trace FC Endpoint Security of FCP devices and connections (bsc#1158050). - scsi: zfcp: wire previously driver-specific sysfs attributes also to fc_host (bsc#1158050). - selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o (bsc#1155518). - selftests/bpf: CONFIG_LIRC required for test_lirc_mode2.sh (bsc#1155518). - selftests/bpf: Fix invalid memory reads in core_relo selftest (bsc#1155518). - selftests/bpf: Fix memory leak in extract_build_id() (bsc#1155518). - selftests/bpf, flow_dissector: Close TAP device FD after the test (bsc#1155518). - selftests/timens: handle a case when alarm clocks are not supported (bsc#1164648,jsc#SLE-11493). - serial: 8250: Fix max baud limit in generic 8250 port (git-fixes). - slimbus: core: Fix mismatch in of_node_get/put (git-fixes). - soc: mediatek: cmdq: return send msg error code (git-fixes). - soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner (git-fixes). - soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data (git-fixes). - soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request (git-fixes). - soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS (git-fixes). - soc: qcom: rpmh: Update dirty flag only when data changes (git-fixes). - soc/tegra: pmc: Select GENERIC_PINCONF (git-fixes). - spi: bcm2835aux: Fix controller unregister order (git-fixes). - spi: bcm2835: Fix controller unregister order (git-fixes). - spi: bcm-qspi: Handle clock probe deferral (git-fixes). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (git-fixes). - SPI: designware: pci: Switch over to MSI interrupts (jsc#SLE-12735). - spi: dt-bindings: spi-controller: Fix #address-cells for slave mode (git-fixes). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Fix controller unregister order (git-fixes). - spi: dw: Fix native CS being unset (git-fixes). - spi: dw-pci: Add MODULE_DEVICE_TABLE (jsc#SLE-12735). - spi: dw-pci: Add runtime power management support (jsc#SLE-12735). - spi: dw-pci: Add support for Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw-pci: Fix Chip Select amount on Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw: use 'smp_mb()' to avoid sending spi data error (git-fixes). - spi: dw: Zero DMA Tx and Rx configurations on stack (git-fixes). - spi: Fix controller unregister order (git-fixes). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Fix controller unregister order (git-fixes). - spi: pxa2xx: Fix runtime PM ref imbalance on probe error (git-fixes). - spi: Respect DataBitLength field of SpiSerialBusV2() ACPI resource (git-fixes). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (git-fixes). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (git-fixes). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (git-fixes). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (git-fixes). - staging: iio: ad2s1210: Fix SPI reading (git-fixes). - staging: kpc2000: fix error return code in kp2000_pcie_probe() (git-fixes). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (git-fixes). - staging: sm750fb: add missing case while setting FB_VISUAL (git-fixes). - sun6i: dsi: fix gcc-4.8 (bsc#1152489) - SUNRPC: Signalled ASYNC tasks need to exit (git-fixes). - supported.conf: Add pinctrl-tigerlake as supported - supported.conf: Mark two hwtracing helper modules as externally supported (bsc#1170879) - svcrdma: Fix leak of svc_rdma_recv_ctxt objects (git-fixes). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (jsc#SLE-12668). - tick/sched: Annotate lockless access to last_jiffies_update (bsc#1173438). - timer: Use hlist_unhashed_lockless() in timer_pending() (bsc#1173438). - torture: Allow 'CFLIST' to specify default list of scenarios (bsc#1173068). - torture: Expand last_ts variable in kvm-test-1-run.sh (bsc#1173068). - torture: Handle jitter for CPUs that cannot be offlined (bsc#1173068). - torture: Handle systems lacking the mpstat command (bsc#1173068). - torture: Hoist calls to lscpu to higher-level kvm.sh script (bsc#1173068). - torture: Make results-directory date format completion-friendly (bsc#1173068). - torture: Use gawk instead of awk for systime() function (bsc#1173068). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (git-fixes). - tty: n_gsm: Fix SOF skipping (git-fixes). - tty: n_gsm: Fix waking up upper tty layer when room available (git-fixes). - tty: serial: add missing spin_lock_init for SiFive serial console (git-fixes). - tun: correct header offsets in napi frags mode (git-fixes). - Update config files: Add CONFIG_PINCTRL_TIGERLAKE=m - Update patch reference for intel_th patch (jsc#SLE-12705) - Update the patch reference for ish-hid fix (jsc#SLE-12683) - usb: core: Fix misleading driver bug report (git-fixes). - usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B (git-fixes). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - usb: dwc3: pci: Enable extcon driver for Intel Merrifield (git-fixes). - usb: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - usb: gadget: fix illegal array access in binding with UDC (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (git-fixes). - usb: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - usb: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - usb: gadget: legacy: fix redundant initialization warnings (git-fixes). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (git-fixes). - usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - usb: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (git-fixes). - usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (git-fixes). - usb: host: xhci-plat: keep runtime active when removing host (git-fixes). - usb: musb: Fix runtime PM imbalance on error (git-fixes). - usb: musb: start session in resume for host port (git-fixes). - usb: ohci-sm501: fix error return code in ohci_hcd_sm501_drv_probe() (git-fixes). - usb: serial: option: add Telit LE910C1-EUX compositions (git-fixes). - usb: serial: qcserial: add DW5816e QDL support (git-fixes). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - usb: usbfs: correct kernel->user page attribute mismatch (git-fixes). - usb: usbfs: fix mmap dma mismatch (git-fixes). - vfio: avoid possible overflow in vfio_iommu_type1_pin_pages (git-fixes). - vfio: Ignore -ENODEV when getting MSI cookie (git-fixes). - vfio/mdev: Fix reference count leak in add_mdev_supported_type (git-fixes). - vfio/pci: fix memory leaks in alloc_perm_bits() (git-fixes). - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (git-fixes). - video: fbdev: w100fb: Fix a potential double free (git-fixes). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vrf: Fix IPv6 with qdisc and xfrm (networking-stable-20_04_27). - vsprintf: do not obfuscate NULL and error pointers (bsc#1172086). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: use the correct nlattr array in NL_SET_ERR_MSG_ATTR (networking-stable-20_04_27). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (git-fixes). - watchdog: imx_sc_wdt: Fix reboot on crash (git-fixes). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (git-fixes). - wireguard: device: avoid circular netns references (git-fixes). - wireguard: noise: do not assign initiation time in if condition (git-fixes). - wireguard: noise: read preshared key while taking lock (bsc#1169021 jsc#SLE-12250). - wireguard: noise: separate receive counter from send counter (bsc#1169021 jsc#SLE-12250). - wireguard: queueing: preserve flow hash across packet scrubbing (bsc#1169021 jsc#SLE-12250). - wireguard: receive: account for napi_gro_receive never returning GRO_DROP (git-fixes). - wireguard: selftests: use newer iproute2 for gcc-10 (bsc#1169021 jsc#SLE-12250). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (git-fixes). - workqueue: Remove the warning in wq_worker_sleeping() (git-fixes). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1152489). - x86: Fix early boot crash on gcc-10, third try (bsc#1152489). - x86/mm/cpa: Flush direct map alias during cpa (bsc#1152489). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (git-fixes). - x86/resctrl: Fix invalid attempt at removing the default resource group (bsc#1152489). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1152489). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes (block drivers)). - xfs: clean up the error handling in xfs_swap_extents (git-fixes). - xfs: do not commit sunit/swidth updates to disk if that would cause repair failures (bsc#1172169). - xfs: do not fail unwritten extent conversion on writeback due to edquot (bsc#1158242). - xfs: fix duplicate verification from xfs_qm_dqflush() (git-fixes). - xfs: force writes to delalloc regions to unwritten (bsc#1158242). - xfs: measure all contiguous previous extents for prealloc size (bsc#1158242). - xfs: preserve default grace interval during quotacheck (bsc#1172170). - xfs: refactor agfl length computation function (bsc#1172169). - xfs: split the sunit parameter update into two parts (bsc#1172169). - wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning (git-fixes). Important SUSE bug 1058115 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1085030 SUSE bug 1148868 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1154492 SUSE bug 1155518 SUSE bug 1155798 SUSE bug 1156395 SUSE bug 1157169 SUSE bug 1158050 SUSE bug 1158242 SUSE bug 1158265 SUSE bug 1158748 SUSE bug 1158765 SUSE bug 1159781 SUSE bug 1159867 SUSE bug 1160947 SUSE bug 1161495 SUSE bug 1162002 SUSE bug 1162063 SUSE bug 1162400 SUSE bug 1164648 SUSE bug 1164777 SUSE bug 1164780 SUSE bug 1165211 SUSE bug 1165975 SUSE bug 1166985 SUSE bug 1167104 SUSE bug 1167651 SUSE bug 1168230 SUSE bug 1168779 SUSE bug 1168838 SUSE bug 1169021 SUSE bug 1169194 SUSE bug 1169514 SUSE bug 1169681 SUSE bug 1170011 SUSE bug 1170442 SUSE bug 1170774 SUSE bug 1170879 SUSE bug 1170891 SUSE bug 1170895 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171219 SUSE bug 1171220 SUSE bug 1171246 SUSE bug 1171417 SUSE bug 1171513 SUSE bug 1171530 SUSE bug 1171662 SUSE bug 1171688 SUSE bug 1171699 SUSE bug 1171739 SUSE bug 1171743 SUSE bug 1171759 SUSE bug 1171828 SUSE bug 1171868 SUSE bug 1171904 SUSE bug 1171915 SUSE bug 1171982 SUSE bug 1171983 SUSE bug 1172017 SUSE bug 1172046 SUSE bug 1172061 SUSE bug 1172062 SUSE bug 1172063 SUSE bug 1172064 SUSE bug 1172065 SUSE bug 1172066 SUSE bug 1172067 SUSE bug 1172068 SUSE bug 1172069 SUSE bug 1172073 SUSE bug 1172086 SUSE bug 1172095 SUSE bug 1172169 SUSE bug 1172170 SUSE bug 1172208 SUSE bug 1172223 SUSE bug 1172342 SUSE bug 1172343 SUSE bug 1172344 SUSE bug 1172365 SUSE bug 1172366 SUSE bug 1172374 SUSE bug 1172391 SUSE bug 1172393 SUSE bug 1172394 SUSE bug 1172453 SUSE bug 1172458 SUSE bug 1172467 SUSE bug 1172484 SUSE bug 1172537 SUSE bug 1172719 SUSE bug 1172739 SUSE bug 1172751 SUSE bug 1172759 SUSE bug 1172775 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1172814 SUSE bug 1172823 SUSE bug 1172841 SUSE bug 1172938 SUSE bug 1172939 SUSE bug 1172940 SUSE bug 1172956 SUSE bug 1172983 SUSE bug 1172984 SUSE bug 1172985 SUSE bug 1172986 SUSE bug 1172987 SUSE bug 1172988 SUSE bug 1172989 SUSE bug 1172990 SUSE bug 1172999 SUSE bug 1173060 SUSE bug 1173068 SUSE bug 1173085 SUSE bug 1173139 SUSE bug 1173206 SUSE bug 1173271 SUSE bug 1173280 SUSE bug 1173428 SUSE bug 1173438 SUSE bug 1173461 CVE-2019-19462 CVE-2019-20810 CVE-2019-20812 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-12656 CVE-2020-12769 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14416 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for coturn fixes the following issues: Version 4.5.1.3: * Remove reference to SSLv3: gh#coturn/coturn#566 * Ignore MD5 for BoringSSL: gh#coturn/coturn#579 * STUN response buffer not initialized properly; he issue found and reported gh#coturn/coturn#583 by Felix D?rre all credits belongs to him. CVE-2020-4067, boo#1173510 - Let coturn allow binding to ports below 1024 per default Moderate SUSE bug 1173510 CVE-2020-4067 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chocolate-doom to version 3.0.1 fixes the following issues: - CVE-2020-14983: Fixed a stack-based buffer overflow in the networking code (boo#1173595). Important SUSE bug 1173595 CVE-2020-14983 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python3 fixes the following issues: - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173274 CVE-2020-14422 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for live555 fixes the following issues: - CVE-2019-9215: Malformed headers could have lead to invalid memory access in the parseAuthorizationHeader function. (boo#1127341) - CVE-2019-7314: Mishandled termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up could have lead to a Use-After-Free error causing the RTSP server to crash or possibly have unspecified other impact. (boo#1124159) - Update to version 2019.06.28, - Convert to dynamic libraries (boo#1121995): + Use make ilinux-with-shared-libraries: build the dynamic libs instead of the static one. + Use make install instead of a manual file copy script: this also reveals that we missed quite a bit of code to be installed before. + Split out shared library packages according the SLPP. - Use FAT LTO objects in order to provide proper static library. This update was imported from the openSUSE:Leap:15.1:Update update project. Moderate SUSE bug 1121995 SUSE bug 1124159 SUSE bug 1127341 CVE-2019-7314 CVE-2019-9215 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for rust, rust-cbindgen fixes the following issues: rust was updated for use by Firefox 76ESR. - Fixed miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202) Update to version 1.43.1 - Updated openssl-src to 1.1.1g for CVE-2020-1967. - Fixed the stabilization of AVX-512 features. - Fixed `cargo package --list` not working with unpublished dependencies. Update to version 1.43.0 + Language: - Fixed using binary operations with `&{number}` (e.g. `&1.0`) not having the type inferred correctly. - Attributes such as `#[cfg()]` can now be used on `if` expressions. - Syntax only changes: * Allow `type Foo: Ord` syntactically. * Fuse associated and extern items up to defaultness. * Syntactically allow `self` in all `fn` contexts. * Merge `fn` syntax + cleanup item parsing. * `item` macro fragments can be interpolated into `trait`s, `impl`s, and `extern` blocks. For example, you may now write: ```rust macro_rules! mac_trait { ($i:item) => { trait T { $i } } } mac_trait! { fn foo() {} } ``` * These are still rejected *semantically*, so you will likely receive an error but these changes can be seen and parsed by macros and conditional compilation. + Compiler - You can now pass multiple lint flags to rustc to override the previous flags. For example; `rustc -D unused -A unused-variables` denies everything in the `unused` lint group except `unused-variables` which is explicitly allowed. However, passing `rustc -A unused-variables -D unused` denies everything in the `unused` lint group **including** `unused-variables` since the allow flag is specified before the deny flag (and therefore overridden). - rustc will now prefer your system MinGW libraries over its bundled libraries if they are available on `windows-gnu`. - rustc now buffers errors/warnings printed in JSON. Libraries: - `Arc<[T; N]>`, `Box<[T; N]>`, and `Rc<[T; N]>`, now implement `TryFrom<Arc<[T]>>`,`TryFrom<Box<[T]>>`, and `TryFrom<Rc<[T]>>` respectively. **Note** These conversions are only available when `N` is `0..=32`. - You can now use associated constants on floats and integers directly, rather than having to import the module. e.g. You can now write `u32::MAX` or `f32::NAN` with no imports. - `u8::is_ascii` is now `const`. - `String` now implements `AsMut<str>`. - Added the `primitive` module to `std` and `core`. This module reexports Rust's primitive types. This is mainly useful in macros where you want avoid these types being shadowed. - Relaxed some of the trait bounds on `HashMap` and `HashSet`. - `string::FromUtf8Error` now implements `Clone + Eq`. + Stabilized APIs - `Once::is_completed` - `f32::LOG10_2` - `f32::LOG2_10` - `f64::LOG10_2` - `f64::LOG2_10` - `iter::once_with` + Cargo - You can now set config `[profile]`s in your `.cargo/config`, or through your environment. - Cargo will now set `CARGO_BIN_EXE_<name>` pointing to a binary's executable path when running integration tests or benchmarks. `<name>` is the name of your binary as-is e.g. If you wanted the executable path for a binary named `my-program`you would use `env!('CARGO_BIN_EXE_my-program')`. + Misc - Certain checks in the `const_err` lint were deemed unrelated to const evaluation, and have been moved to the `unconditional_panic` and `arithmetic_overflow` lints. + Compatibility Notes - Having trailing syntax in the `assert!` macro is now a hard error. This has been a warning since 1.36.0. - Fixed `Self` not having the correctly inferred type. This incorrectly led to some instances being accepted, and now correctly emits a hard error. Update to version 1.42.0: + Language - You can now use the slice pattern syntax with subslices. - You can now use #[repr(transparent)] on univariant enums. Meaning that you can create an enum that has the exact layout and ABI of the type it contains. - There are some syntax-only changes: * default is syntactically allowed before items in trait definitions. * Items in impls (i.e. consts, types, and fns) may syntactically leave out their bodies in favor of ;. * Bounds on associated types in impls are now syntactically allowed (e.g. type Foo: Ord;). * ... (the C-variadic type) may occur syntactically directly as the type of any function parameter. These are still rejected semantically, so you will likely receive an error but these changes can be seen and parsed by procedural macros and conditional compilation. + Compiler - Added tier 2 support for armv7a-none-eabi. - Added tier 2 support for riscv64gc-unknown-linux-gnu. - Option::{expect,unwrap} and Result::{expect, expect_err, unwrap, unwrap_err} now produce panic messages pointing to the location where they were called, rather than core's internals. Refer to Rust's platform support page for more information on Rust's tiered platform support. + Libraries - iter::Empty<T> now implements Send and Sync for any T. - Pin::{map_unchecked, map_unchecked_mut} no longer require the return type to implement Sized. - io::Cursor now derives PartialEq and Eq. - Layout::new is now const. - Added Standard Library support for riscv64gc-unknown-linux-gnu. + Stabilized APIs - CondVar::wait_while - CondVar::wait_timeout_while - DebugMap::key - DebugMap::value - ManuallyDrop::take - matches! - ptr::slice_from_raw_parts_mut - ptr::slice_from_raw_parts + Cargo - You no longer need to include extern crate proc_macro; to be able to use proc_macro; in the 2018 edition. + Compatibility Notes - Error::description has been deprecated, and its use will now produce a warning. It's recommended to use Display/to_string instead. Update to version 1.41.1: - Always check types of static items - Always check lifetime bounds of `Copy` impls - Fix miscompilation in callers of `Layout::repeat` Update to version 1.41.0: + Language - You can now pass type parameters to foreign items when implementing traits. E.g. You can now write `impl<T> From<Foo> for Vec<T> {}`. - You can now arbitrarily nest receiver types in the `self` position. E.g. you can now write `fn foo(self: Box<Box<Self>>) {}`. Previously only `Self`, `&Self`, `&mut Self`, `Arc<Self>`, `Rc<Self>`, and `Box<Self>` were allowed. - You can now use any valid identifier in a `format_args` macro. Previously identifiers starting with an underscore were not allowed. - Visibility modifiers (e.g. `pub`) are now syntactically allowed on trait items and enum variants. These are still rejected semantically, but can be seen and parsed by procedural macros and conditional compilation. + Compiler - Rustc will now warn if you have unused loop `'label`s. - Removed support for the `i686-unknown-dragonfly` target. - Added tier 3 support\* for the `riscv64gc-unknown-linux-gnu` target. - You can now pass an arguments file passing the `@path` syntax to rustc. Note that the format differs somewhat from what is found in other tooling; please see the documentation for more information. - You can now provide `--extern` flag without a path, indicating that it is available from the search path or specified with an `-L` flag. Refer to Rust's [platform support page][forge-platform-support] for more information on Rust's tiered platform support. + Libraries - The `core::panic` module is now stable. It was already stable through `std`. - `NonZero*` numerics now implement `From<NonZero*>` if it's a smaller integer width. E.g. `NonZeroU16` now implements `From<NonZeroU8>`. - `MaybeUninit<T>` now implements `fmt::Debug`. + Stabilized APIs - `Result::map_or` - `Result::map_or_else` - `std::rc::Weak::weak_count` - `std::rc::Weak::strong_count` - `std::sync::Weak::weak_count` - `std::sync::Weak::strong_count` + Cargo - Cargo will now document all the private items for binary crates by default. - `cargo-install` will now reinstall the package if it detects that it is out of date. - Cargo.lock now uses a more git friendly format that should help to reduce merge conflicts. - You can now override specific dependencies's build settings. E.g. `[profile.dev.package.image] opt-level = 2` sets the `image` crate's optimisation level to `2` for debug builds. You can also use `[profile.<profile>.build-override]` to override build scripts and their dependencies. + Misc - You can now specify `edition` in documentation code blocks to compile the block for that edition. E.g. `edition2018` tells rustdoc that the code sample should be compiled the 2018 edition of Rust. - You can now provide custom themes to rustdoc with `--theme`, and check the current theme with `--check-theme`. - You can use `#[cfg(doc)]` to compile an item when building documentation. + Compatibility Notes - As previously announced 1.41.0 will be the last tier 1 release for 32-bit Apple targets. This means that the source code is still available to build, but the targets are no longer being tested and release binaries for those platforms will no longer be distributed by the Rust project. Please refer to the linked blog post for more information. - Bump version of libssh2 for SLE15; we now need a version with libssh2_userauth_publickey_frommemory(), which appeared in libssh2 1.6.0. Update to version 1.40.0 + Language - You can now use tuple `struct`s and tuple `enum` variant's constructors in `const` contexts. e.g. pub struct Point(i32, i32); const ORIGIN: Point = { let constructor = Point; constructor(0, 0) }; - You can now mark `struct`s, `enum`s, and `enum` variants with the `#[non_exhaustive]` attribute to indicate that there may be variants or fields added in the future. For example this requires adding a wild-card branch (`_ => {}`) to any match statements on a non-exhaustive `enum`. - You can now use function-like procedural macros in `extern` blocks and in type positions. e.g. `type Generated = macro!();` - Function-like and attribute procedural macros can now emit `macro_rules!` items, so you can now have your macros generate macros. - The `meta` pattern matcher in `macro_rules!` now correctly matches the modern attribute syntax. For example `(#[$m:meta])` now matches `#[attr]`, `#[attr{tokens}]`, `#[attr[tokens]]`, and `#[attr(tokens)]`. + Compiler - Added tier 3 support\* for the `thumbv7neon-unknown-linux-musleabihf` target. - Added tier 3 support for the `aarch64-unknown-none-softfloat` target. - Added tier 3 support for the `mips64-unknown-linux-muslabi64`, and `mips64el-unknown-linux-muslabi64` targets. + Libraries - The `is_power_of_two` method on unsigned numeric types is now a `const` function. + Stabilized APIs - BTreeMap::get_key_value - HashMap::get_key_value - Option::as_deref_mut - Option::as_deref - Option::flatten - UdpSocket::peer_addr - f32::to_be_bytes - f32::to_le_bytes - f32::to_ne_bytes - f64::to_be_bytes - f64::to_le_bytes - f64::to_ne_bytes - f32::from_be_bytes - f32::from_le_bytes - f32::from_ne_bytes - f64::from_be_bytes - f64::from_le_bytes - f64::from_ne_bytes - mem::take - slice::repeat - todo! + Cargo - Cargo will now always display warnings, rather than only on fresh builds. - Feature flags (except `--all-features`) passed to a virtual workspace will now produce an error. Previously these flags were ignored. - You can now publish `dev-dependencies` without including a `version`. + Misc - You can now specify the `#[cfg(doctest)]` attribute to include an item only when running documentation tests with `rustdoc`. + Compatibility Notes - As previously announced, any previous NLL warnings in the 2015 edition are now hard errors. - The `include!` macro will now warn if it failed to include the entire file. The `include!` macro unintentionally only includes the first _expression_ in a file, and this can be unintuitive. This will become either a hard error in a future release, or the behavior may be fixed to include all expressions as expected. - Using `#[inline]` on function prototypes and consts now emits a warning under `unused_attribute` lint. Using `#[inline]` anywhere else inside traits or `extern` blocks now correctly emits a hard error. Update to version 1.39.0 + Language - You can now create async functions and blocks with async fn, async move {}, and async {} respectively, and you can now call .await on async expressions. - You can now use certain attributes on function, closure, and function pointer parameters. - You can now take shared references to bind-by-move patterns in the if guards of match arms. + Compiler - Added tier 3 support for the i686-unknown-uefi target. - Added tier 3 support for the sparc64-unknown-openbsd target. - rustc will now trim code snippets in diagnostics to fit in your terminal. - You can now pass --show-output argument to test binaries to print the output of successful tests. + For more details: https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1390-2019-11-07 - Switch to bundled version of libgit2 for now. libgit2-sys seems to expect using the bundled variant, which just seems to point to a snapshot of the master branch and doesn't match any released libgit2 (bsc#1154817). See: https://github.com/rust-lang/rust/issues/63476 and https://github.com/rust-lang/git2-rs/issues/458 for details. Update to version 1.38.0 + Language - The `#[global_allocator]` attribute can now be used in submodules. - The `#[deprecated]` attribute can now be used on macros. + Compiler - Added pipelined compilation support to `rustc`. This will improve compilation times in some cases. + Libraries - `ascii::EscapeDefault` now implements `Clone` and `Display`. - Derive macros for prelude traits (e.g. `Clone`, `Debug`, `Hash`) are now available at the same path as the trait. (e.g. The `Clone` derive macro is available at `std::clone::Clone`). This also makes all built-in macros available in `std`/`core` root. e.g. `std::include_bytes!`. - `str::Chars` now implements `Debug`. - `slice::{concat, connect, join}` now accepts `&[T]` in addition to `&T`. - `*const T` and `*mut T` now implement `marker::Unpin`. - `Arc<[T]>` and `Rc<[T]>` now implement `FromIterator<T>`. - Added euclidean remainder and division operations (`div_euclid`, `rem_euclid`) to all numeric primitives. Additionally `checked`, `overflowing`, and `wrapping` versions are available for all integer primitives. - `thread::AccessError` now implements `Clone`, `Copy`, `Eq`, `Error`, and `PartialEq`. - `iter::{StepBy, Peekable, Take}` now implement `DoubleEndedIterator`. + Stabilized APIs - `<*const T>::cast` - `<*mut T>::cast` - `Duration::as_secs_f32` - `Duration::as_secs_f64` - `Duration::div_f32` - `Duration::div_f64` - `Duration::from_secs_f32` - `Duration::from_secs_f64` - `Duration::mul_f32` - `Duration::mul_f64` - `any::type_name` + Cargo - Added pipelined compilation support to `cargo`. - You can now pass the `--features` option multiple times to enable multiple features. + Misc - `rustc` will now warn about some incorrect uses of `mem::{uninitialized, zeroed}` that are known to cause undefined behaviour. Update to version 1.37.0 + Language - #[must_use] will now warn if the type is contained in a tuple, Box, or an array and unused. - You can now use the `cfg` and `cfg_attr` attributes on generic parameters. - You can now use enum variants through type alias. e.g. You can write the following: ``` type MyOption = Option<u8>; fn increment_or_zero(x: MyOption) -> u8 { match x { MyOption::Some(y) => y + 1, MyOption::None => 0, } } ``` - You can now use `_` as an identifier for consts. e.g. You can write `const _: u32 = 5;`. - You can now use `#[repr(align(X)]` on enums. - The `?` Kleene macro operator is now available in the 2015 edition. + Compiler - You can now enable Profile-Guided Optimization with the `-C profile-generate` and `-C profile-use` flags. For more information on how to use profile guided optimization, please refer to the rustc book. - The `rust-lldb` wrapper script should now work again. + Libraries - `mem::MaybeUninit<T>` is now ABI-compatible with `T`. + Stabilized APIs - BufReader::buffer - BufWriter::buffer - Cell::from_mut - Cell<[T]>::as_slice_of_cells - Cell<slice>::as_slice_of_cells - DoubleEndedIterator::nth_back - Option::xor - Wrapping::reverse_bits - i128::reverse_bits - i16::reverse_bits - i32::reverse_bits - i64::reverse_bits - i8::reverse_bits - isize::reverse_bits - slice::copy_within - u128::reverse_bits - u16::reverse_bits - u32::reverse_bits - u64::reverse_bits - u8::reverse_bits - usize::reverse_bits + Cargo - Cargo.lock files are now included by default when publishing executable crates with executables. - You can now specify `default-run='foo'` in `[package]` to specify the default executable to use for `cargo run`. - cargo-vendor is now provided as a sub-command of cargo + Compatibility Notes - Using `...` for inclusive range patterns will now warn by default. Please transition your code to using the `..=` syntax for inclusive ranges instead. - Using a trait object without the `dyn` will now warn by default. Please transition your code to use `dyn Trait` for trait objects instead. Crab(String), Lobster(String), Person(String), let state = Creature::Crab('Ferris'); if let Creature::Crab(name) | Creature::Person(name) = state { println!('This creature's name is: {}', name); } unsafe { foo() } pub fn new(x: i32, y: i32) -> Self { Self(x, y) } pub fn is_origin(&self) -> bool { match self { Self(0, 0) => true, _ => false, } } Self: PartialOrd<Self> // can write `Self` instead of `List<T>` Nil, Cons(T, Box<Self>) // likewise here fn test(&self) { println!('one'); } //~ ERROR duplicate definitions with name `test` fn test(&self) { println!('two'); } * Basic procedural macros allowing custom `#[derive]`, aka 'macros 1.1', are stable. This allows popular code-generating crates like Serde and Diesel to work ergonomically. [RFC 1681]. * [Tuple structs may be empty. Unary and empty tuple structs may be instantiated with curly braces][36868]. Part of [RFC 1506]. * [A number of minor changes to name resolution have been activated][37127]. They add up to more consistent semantics, allowing for future evolution of Rust macros. Specified in [RFC 1560], see its section on ['changes'] for details of what is different. The breaking changes here have been transitioned through the [`legacy_imports`] lint since 1.14, with no known regressions. * [In `macro_rules`, `path` fragments can now be parsed as type parameter bounds][38279] * [`?Sized` can be used in `where` clauses][37791] * [There is now a limit on the size of monomorphized types and it can be modified with the `#![type_size_limit]` crate attribute, similarly to the `#![recursion_limit]` attribute][37789] * [On Windows, the compiler will apply dllimport attributes when linking to extern functions][37973]. Additional attributes and flags can control which library kind is linked and its name. [RFC 1717]. * [Rust-ABI symbols are no longer exported from cdylibs][38117] * [The `--test` flag works with procedural macro crates][38107] * [Fix `extern 'aapcs' fn` ABI][37814] * [The `-C no-stack-check` flag is deprecated][37636]. It does nothing. * [The `format!` expander recognizes incorrect `printf` and shell-style formatting directives and suggests the correct format][37613]. * [Only report one error for all unused imports in an import list][37456] * [Avoid unnecessary `mk_ty` calls in `Ty::super_fold_with`][37705] * [Avoid more unnecessary `mk_ty` calls in `Ty::super_fold_with`][37979] * [Don't clone in `UnificationTable::probe`][37848] * [Remove `scope_auxiliary` to cut RSS by 10%][37764] * [Use small vectors in type walker][37760] * [Macro expansion performance was improved][37701] * [Change `HirVec<P<T>>` to `HirVec<T>` in `hir::Expr`][37642] * [Replace FNV with a faster hash function][37229] https://raw.githubusercontent.com/rust-lang/rust/master/RELEASES.md rust-cbindgen is shipped in version 0.14.1. Moderate SUSE bug 1115645 SUSE bug 1154817 SUSE bug 1173202 CVE-2020-1967 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: - Update to version 69.0.3686.49 - CHR-7971 Update chromium on desktop-stable-83-3686 to 83.0.4103.116 (CVE-2020-6509) - DNA-79195 Wrong date on history - DNA-86090 Crash at views::View::ReorderChildView(views::View*, int) - DNA-86122 [Mac] Some popovers have incorrectly themed arrow - DNA-86833 Add hint to tell users that tab content is now searched - DNA-86906 [Search in tabs] No matching results in your open tabs label not displayed for some strings not found. - DNA-86983 Allow to search from the tile - DNA-87029 Search in tabs dropdown should disappear when resizing window - DNA-87051 No autocompletion in the address bar for Speed Dials - DNA-87091 Do not vertically center search-in-tabs dialog - DNA-87113 Crash at content::NavigationRequest::GetRenderFrameHost() - DNA-87114 Double scrollbar in bookmarks popup - DNA-87117 Hide “Provide additional details” button when crash is discarded by Socorro - DNA-87122 Hide provide more information button from infobar when crash is discarded - DNA-87153 The icons cover the inscription on the BABE picture title - DNA-87203 The scroll view changes visible area unexpectedly - DNA-87243 Provide missing translations - DNA-87245 Extend schema and report search events - DNA-87261 Allow to use search and modal at the same time - DNA-87273 Switch to dedicated subdomain - Complete Opera 69.0 changelog at: https://blogs.opera.com/desktop/changelog-for-69/ Important SUSE bug 1173251 CVE-2020-6509 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nasm fixes the following issues: nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. * Fix crash due to multiple errors or warnings during the code generation pass if a list file is specified. * Create all system-defined macros defore processing command-line given preprocessing directives (-p, -d, -u, --pragma, --before). * If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. See section 4.11.7. * Fix an assert for the case in the obj format when a SEG operator refers to an EXTERN symbol declared further down in the code. * Fix a corner case in the floating-point code where a binary, octal or hexadecimal floating-point having at least 32, 11, or 8 mantissa digits could produce slightly incorrect results under very specific conditions. * Support -MD without a filename, for gcc compatibility. -MF can be used to set the dependencies output filename. See section 2.1.7. * Fix -E in combination with -MD. See section 2.1.21. * Fix missing errors on redefined labels; would cause convergence failure instead which is very slow and not easy to debug. * Duplicate definitions of the same label with the same value is now explicitly permitted (2.14 would allow it in some circumstances.) * Add the option --no-line to ignore %line directives in the source. See section 2.1.33 and section 4.10.1. * Changed -I option semantics by adding a trailing path separator unconditionally. * Fixed null dereference in corrupted invalid single line macros. * Fixed division by zero which may happen if source code is malformed. * Fixed out of bound access in processing of malformed segment override. * Fixed out of bound access in certain EQU parsing. * Fixed buffer underflow in float parsing. * Added SGX (Intel Software Guard Extensions) instructions. * Added +n syntax for multiple contiguous registers. * Fixed subsections_via_symbols for macho object format. * Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line options, to allow command line base symbol renaming. See section 2.1.28. * Allow label renaming to be specified by %pragma in addition to from the command line. See section 6.9. * Supported generic %pragma namespaces, output and debug. See section 6.10. * Added the --pragma command line option to inject a %pragma directive. See section 2.1.29. * Added the --before command line option to accept preprocess statement before input. See section 2.1.30. * Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural Network), BITALG (Bit Algorithm), and GFNI (Galois Field New Instruction) instructions. * Added the STATIC directive for local symbols that should be renamed using global-symbol rules. See section 6.8. * Allow a symbol to be defined as EXTERN and then later overridden as GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined will be treated as GLOBAL. See section 6.5. * The GLOBAL directive no longer is required to precede the definition of the symbol. * Support private_extern as macho specific extension to the GLOBAL directive. See section 7.8.5. * Updated UD0 encoding to match with the specification * Added the --limit-X command line option to set execution limits. See section 2.1.31. * Updated the Codeview version number to be aligned with MASM. * Added the --keep-all command line option to preserve output files. See section 2.1.32. * Added the --include command line option, an alias to -P (section 2.1.18). * Added the --help command line option as an alias to -h (section 3.1). * Added -W, -D, and -Q suffix aliases for RET instructions so the operand sizes of these instructions can be encoded without using o16, o32 or o64. New upstream version 2.13.03: * Add flags: AES, VAES, VPCLMULQDQ * Add VPCLMULQDQ instruction * elf: Add missing dwarf loc section * documentation updates This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1084631 SUSE bug 1086186 SUSE bug 1086227 SUSE bug 1086228 SUSE bug 1090519 SUSE bug 1090840 SUSE bug 1106878 SUSE bug 1107592 SUSE bug 1107594 SUSE bug 1108404 SUSE bug 1115758 SUSE bug 1115774 SUSE bug 1115795 SUSE bug 1173538 CVE-2018-1000667 CVE-2018-10016 CVE-2018-10254 CVE-2018-10316 CVE-2018-16382 CVE-2018-16517 CVE-2018-16999 CVE-2018-19214 CVE-2018-19215 CVE-2018-19216 CVE-2018-8881 CVE-2018-8882 CVE-2018-8883 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032) - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1168669 SUSE bug 1173032 CVE-2020-12402 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172698 SUSE bug 1172704 CVE-2020-8023 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for LibVNCServer fixes the following issues: - CVE-2017-18922: Fixed an issue which could have allowed to an attacker to pre-auth overwrite a function pointer which subsequently used leading to potential remote code execution (bsc#1173477). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173477 CVE-2017-18922 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird to version 68.10.0 ESR fixes the following issues: - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173576 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1166238 SUSE bug 1173576 SUSE bug 1173613 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). - CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205). Additional upstream bug fixes (bsc#1027519) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1027519 SUSE bug 1172205 SUSE bug 1173376 SUSE bug 1173377 SUSE bug 1173378 SUSE bug 1173380 CVE-2020-0543 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for slirp4netns fixes the following issues: - Update to 0.4.7 (bsc#1172380) * libslirp: update to v4.3.1 (Fix CVE-2020-10756) * Fix config_from_options() to correctly enable ipv6 This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1172380 CVE-2020-10756 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for solo fixes the following issues: Update to Solo 4.1.2 * Fix boo#1186848 CVE-202-27208, security issue in firmware source that is part of the source package. Moderate SUSE bug 1186848 CVE-2020-27208 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openscad fixes the following issues: - CVE-2020-28600: A specially crafted STL file could lead to code execution via out-of-bounds write in import_stl.cc:import_stl() (bsc#1185975) Moderate SUSE bug 1185975 CVE-2020-28600 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for icinga2 fixes the following issues: icinga2 was updated to 2.12.4 * Bugfixes - Fix a crash when notification objects are deleted using the API #8782 - Fix crashes that might occur during downtime scheduling if host or downtime objects are deleted using the API #8785 - Fix an issue where notifications may incorrectly be skipped after a downtime ends #8775 - Don't send reminder notification if the notification is still suppressed by a time period #8808 - Fix an issue where attempting to create a duplicate object using the API might result in the original object being deleted #8787 - IDO: prioritize program status updates #8809 - Improve exceptions handling, including a fix for an uncaught exception on Windows #8777 - Retry file rename operations on Windows to avoid intermittent locking issues #8771 - Update to 2.12.3 * Security - Fix that revoked certificates due for renewal will automatically be renewed ignoring the CRL (Advisory / CVE-2020-29663 - fixes boo#1180147 ) * Bugfixes - Improve config sync locking - resolves high load issues on Windows #8511 - Fix runtime config updates being ignored for objects without zone #8549 - Use proper buffer size for OpenSSL error messages #8542 * Enhancements - On checkable recovery: re-check children that have a problem #8506 - Update to 2.12.2 * Bugfixes - Fix a connection leak with misconfigured agents #8483 - Properly sync changes of config objects in global zones done via the API #8474 #8470 - Prevent other clients from being disconnected when replaying the cluster log takes very long #8496 - Avoid duplicate connections between endpoints #8465 - Ignore incoming config object updates for unknown zones #8461 - Check timestamps before removing files in config sync #8495 * Enhancements - Include HTTP status codes in log #8467 Moderate SUSE bug 1180147 CVE-2020-29663 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for jdom2 fixes the following issues: - CVE-2021-33813: XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request (bsc#1187446) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1187446 CVE-2021-33813 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3546: Fix out-of-bounds write in virgl_cmd_get_capset (bsc#1185981) - CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU device (bsc#1186010) - CVE-2021-3545: Fix information disclosure due to uninitialized memory read (bsc#1185990) - CVE-2020-25085: Fix out-of-bounds access issue while doing multi block SDMA (bsc#1176681) - CVE-2020-10756: Fix out-of-bounds read information disclosure in icmp6_send_echoreply(bsc#1172380) - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975) Non-security issues fixed: - Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979) - QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290) - Host CPU microcode revision will be visible inside VMs when the proper CPU-model is used (jsc#SLE-17785): - Fix testsuite error (bsc#1184574) - Fix qemu crash with iothread when block commit after snapshot (bsc#1187013) - Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591) - Use RCU to avoid race during scsi hotplug/hotunplug (bsc#1184574) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1149813 SUSE bug 1163019 SUSE bug 1172380 SUSE bug 1175534 SUSE bug 1176681 SUSE bug 1178683 SUSE bug 1178935 SUSE bug 1179477 SUSE bug 1179484 SUSE bug 1182846 SUSE bug 1182975 SUSE bug 1183979 SUSE bug 1184574 SUSE bug 1185591 SUSE bug 1185981 SUSE bug 1185990 SUSE bug 1186010 SUSE bug 1186290 SUSE bug 1187013 CVE-2019-15890 CVE-2020-10756 CVE-2020-14364 CVE-2020-25085 CVE-2020-25707 CVE-2020-25723 CVE-2020-29129 CVE-2020-29130 CVE-2020-8608 CVE-2021-20257 CVE-2021-3419 CVE-2021-3544 CVE-2021-3545 CVE-2021-3546 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for claws-mail fixes the following issues: Update to 3.18.0 * Support for the OAuth2 authorisation protocol has been added for IMAP, POP and SMTP using custom, user-generated client IDs. OAuth2 preferences are found in the Account Preferences on the Receive page (for POP: Authenticate before POP connection, for IMAP: Authentication method); the Send page (SMTP authentication: Authentication method); and on a dedicated OAuth2 page. * The option 'Save (X-)Face in address book if possible' has been added to the /Message View/Text Options preferences page. Previously the (X-)Face would be saved automatically, therefore this option is turned on by default. * The Image Viewer has been reworked. New options have been added to /Message View/Image Viewer: when resizing images, either fit the image width or fit the image height to the available space. Fitting the image height is the default. Regardless of this setting, when displaying images inline they will fit the height. When displaying an image, left-clicking the image will toggle between full size and reduced size; right-clicking will toggle between fitting the height and fitting the width. * When re-editing a saved message, it is now possible to use /Options/Remove References. * It is now possible to attempt to retrieve a missing GPG key via WKD. * The man page has been updated. * Updated translations: Brazilian Portuguese, British English, Catalan, Czech, Danish, Dutch, French, Polish, Romanian, Russian, Slovak, Spanish, Traditional Chinese, Turkish. * bug fixes: claws#2411, claws#4326, claws#4394, claws#4431, claws#4445, claws#4447, claws#4455, claws#4473 - stop WM's X button from causing GPG key fetch attempt - Make fancy respect default font size for messageview - harden link checker before accepting click - non-display of (X-)Face when prefs_common.enable_avatars is AVATARS_ENABLE_RENDER (2) - debian bug #983778, 'Segfault on selecting empty 'X-Face' custom header' * It is now possible to 'Inherit Folder properties and processing rules from parent folder' when creating new folders with the move message and copy message dialogues. * A Phishing warning is now shown when copying a phishing URL, (in addition to clicking a phishing URL). * The progress window when importing an mbox file is now more responsive. * A warning dialogue is shown if the selected privacy system is 'None' and automatic signing amd/or encrypting is enabled. * Python plugin: pkgconfig is now used to check for python2. This enables the Python plugin (which uses python2) to be built on newer systems which have both python2 and python3. Bug fixes: * bug 3922, 'minimize to tray on startup not working' * bug 4220, 'generates files in cache without content' * bug 4325, 'Following redirects when retrieving image' * bug 4342, 'Import mbox file command doesn't work twice on a row' * fix STARTTLS protocol violation CVE-2020-15917 boo#1174457) * fix initial debug line * fix fat-fingered crash when v (hiding msgview) is pressed just before c (check signature) * fix non-translation of some Templates strings Moderate SUSE bug 1174457 CVE-2020-15917 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1187105 CVE-2020-35512 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for lasso fixes the following issues: - CVE-2021-28091: Fixed XML signature wrapping vulnerability when parsing SAML responses (boo#1186768) Important SUSE bug 1186768 CVE-2021-28091 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1157818 SUSE bug 1158812 SUSE bug 1158958 SUSE bug 1158959 SUSE bug 1158960 SUSE bug 1159491 SUSE bug 1159715 SUSE bug 1159847 SUSE bug 1159850 SUSE bug 1160309 SUSE bug 1160438 SUSE bug 1160439 SUSE bug 1164719 SUSE bug 1172091 SUSE bug 1172115 SUSE bug 1172234 SUSE bug 1172236 SUSE bug 1172240 SUSE bug 1173641 SUSE bug 928700 SUSE bug 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-9327 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs12 fixes the following issues: - update to 12.22.2: - CVE-2021-22918: Out of bounds read (bsc#1187973) - CVE-2021-23362: ssri Regular Expression Denial of Service and hosted-git-info (bsc#1187977) - CVE-2021-27290: Regular Expression Denial of Service (bsc#1187976) - CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (bsc#1183851) - CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (bsc#1183852) - CVE-2020-7774: npm - Update y18n to fix Prototype-Pollution (bsc#1184450) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1183851 SUSE bug 1183852 SUSE bug 1184450 SUSE bug 1187973 SUSE bug 1187976 SUSE bug 1187977 CVE-2020-7774 CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 CVE-2021-3449 CVE-2021-3450 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for php7 fixes the following issue: - CVE-2020-7071: Fixed an insufficient filter in parse_url() that accepted URLs with invalid userinfo (bsc#1180706). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1180706 CVE-2020-7071 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs14 fixes the following issues: Update nodejs14 to 14.17.2. Including fixes for: - CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973) - CVE-2021-27290: ssri Regular Expression Denial of Service (bsc#1187976) - CVE-2021-23362: hosted-git-info Regular Expression Denial of Service (bsc#1187977) - CVE-2020-7774: y18n Prototype Pollution (bsc#1184450) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1184450 SUSE bug 1187973 SUSE bug 1187976 SUSE bug 1187977 CVE-2020-7774 CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs10 fixes the following issues: Update nodejs10 to 10.24.1. Including fixes for - CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973) - CVE-2021-27290: ssri Regular Expression Denial of Service (bsc#1187976) - CVE-2021-23362: hosted-git-info Regular Expression Denial of Service (bsc#1187977) - CVE-2020-7774: y18n Prototype Pollution (bsc#1184450) - CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (bsc#1183851) - CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (bsc#1183852) - reduce memory footprint of test-worker-stdio (bsc#1183155) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1183155 SUSE bug 1183851 SUSE bug 1183852 SUSE bug 1184450 SUSE bug 1187973 SUSE bug 1187976 SUSE bug 1187977 CVE-2020-7774 CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 CVE-2021-3449 CVE-2021-3450 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-29 (bsc#1188275) * CVE-2021-29970 (bmo#1709976): Use-after-free in accessibility features of a document * CVE-2021-30547 (bmo#1715766): Out of bounds write in ANGLE * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576, bmo#1714391): Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1188275 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nextcloud fixes the following issues: nextcloud was updated to 20.0.11: - Fix boo#1188247 - CVE-2021-32678: OCS API response ratelimits are not applied - Fix boo#1188248 - CVE-2021-32679: filenames where not escaped by default in controllers using DownloadResponse - Fix boo#1188249 - CVE-2021-32680: share expiration date wasn't properly logged - Fix boo#1188250 - CVE-2021-32688: lacking permission check with application specific tokens - Fix boo#1188251 - CVE-2021-32703: lack of ratelimiting on the shareinfo endpoint - Fix boo#1188252 - CVE-2021-32705: lack of ratelimiting on the public DAV endpoint - Fix boo#1188253 - CVE-2021-32725: default share permissions were not being respected for federated reshares of files and folders - Fix boo#1188254 - CVE-2021-32726: webauthn tokens were not deleted after a user has been deleted - Fix boo#1188255 - CVE-2021-32734: possible full path disclosure on shared files - Fix boo#1188256 - CVE-2021-32741: lack of ratelimiting on the public share link mount endpoint - Bump handlebars from 4.7.6 to 4.7.7 (server#26900) - Bump lodash from 4.17.20 to 4.17.21 (server#26909) - Bump hosted-git-info from 2.8.8 to 2.8.9 (server#26920) - Don't break OCC if an app is breaking in it's Application class (server#26954) - Add bruteforce protection to the shareinfo endpoint (server#26956) - Ignore readonly flag for directories (server#26965) - Throttle MountPublicLinkController when share is not found (server#26971) - Respect default share permissions for federated reshares (server#27001) - Harden apptoken check (server#27014) - Use parent wrapper to properly handle moves on the same source/target storage (server#27016) - Fix error when using CORS with no auth credentials (server#27027) - Fix return value of getStorageInfo when 'quota_include_external_storage' is enabled (server#27108) - Bump patch dependencies (server#27183) - Use noreply@ as email address for share emails (server#27209) - Bump p-queue from 6.6.1 to 6.6.2 (server#27226) - Bump browserslist from 4.14.0 to 4.16.6 (server#27247) - Bump webpack from 4.44.1 to 4.44.2 (server#27297) - Properly use limit and offset for search in Jail wrapper (server#27308) - Make user:report command scale (server#27319) - Properly log expiration date removal in audit log (server#27325) - Propagate throttling on OCS response (server#27337) - Set umask before operations that create local files (server#27349) - Escape filename in Content-Disposition (server#27360) - Don't update statuses to offline again and again (server#27412) - Header must contain a colon (server#27456) - Activate constraint check for oracle / pqsql also for 20 (server#27523) - Only allow removing existing shares that would not be allowed due to reshare restrictions (server#27552) - Bump ws from 7.3.1 to 7.5.0 (server#27570) - Properly cleanup entries of WebAuthn on user deletion (server#27596) - Throttle on public DAV endpoint (server#27617) - Bump vue-loader from 15.9.3 to 15.9.7 (server#27639) - Bump eslint-plugin-standard from 4.0.1 to 4.0.2 (server#27651) - Validate the theming color also on CLI (server#27680) - Downstream encryption:fix-encrypted-version for repairing bad signature errors (server#27728) - Remove encodeURI code (files_pdfviewer#396) - Only ask for permissions on HTTPS (notifications#998) - Fix sorting if one of the file name is only composed with number (photos#785) - Backport 20 fix Photos not shown in large browser windows #630 (#686) (photos#810) - Update File.vue (photos#813) - Update chart.js (serverinfo#309) - Only return workspace property for top node in a propfind request (text#1611) - ViewerComponent: pass on autofocus to EditorWrapper (text#1647) - Use text/plain as content type for fetching the document (text#1692) - Log exceptions that happen on unknown exception and return generic messages (text#1698) - Add fixup (viewer#924) - Fix: fullscreen for Firefox (viewer#929) Update to 20.0.7 - Catch NotFoundException when querying quota (server#25315) - CalDAV] Validate notified emails (server#25324) - Fix/app fetcher php compat comparison (server#25347) - Show the actual error on share requests (server#25352) - Fix parameter provided as string not array (server#25366) - The objectid is a string (server#25374) - 20.0.7 final (server#25387) - Properly handle SMB ACL blocking scanning a directory (server#25421) - Don't break completely when creating the digest fail for one user (activity#556) - Only attempt to use a secure view if hide download is actually set (files_pdfviewer#296) - Fix opening PDF files with special characters in their name (files_pdfviewer#298) - Fix PDF viewer failing on Edge (not based on Chromium) (files_pdfviewer#299) - Cannot unfold plain text notifications (notifications#846) - Remove EPUB mimetype (text#1391) Update to 20.0.6 - Make sure to do priority app upgrades first (server#25077) - Respect DB restrictions on number of arguments in statements and queries (server#25120) - Add a hint about the direction of priority (server#25143) - Do not redirect to logout after login (server#25146) - Fix comparison of PHP versions (server#25152) - Add 'composer.lock' for acceptance tests to git (server#25178) - Update CRL due to revoked gravatar.crl (server#25190) - Don't log keys on checkSignature (server#25193) - Update 3rdparty after Archive_Tar (server#25199) - Bump CA bundle (server#25219) - Update handling of user credentials (server#25225) - Fix encoding issue with OC.Notification.show (server#25244) - Also use storage copy when dav copying directories (server#25261) - Silence log message (server#25263) - Extend ILDAPProvider to allow reading arbitrairy ldap attributes for users (server#25276) - Do not obtain userFolder of a federated user (server#25278) - Bump pear/archive_tar from 1.4.11 to 1.4.12 (3rdparty#603) - Add gitignore entry for .github folder of dependencies (3rdparty#604) - Clear event array on getting them (activity#551) Update to 20.0.5 - Don't log params of imagecreatefromstring (server#24546) - Use storage copy implementation when doing dav copy (server#24590) - Use in objectstore copy (server#24592) - Add tel, note, org and title search (server#24697) - Check php compatibility of app store app releases (server#24698) - Fix #24682]: ensure federation cloud id is retruned if FN property not found (server#24709) - Do not include non-required scripts on the upgrade page (server#24714) - LDAP: fix inGroup for memberUid type of group memberships (server#24716) - Cancel user search requests to avoid duplicate results being added (server#24728) - Also unset the other possible unused paramters (server#24751) - Enables the file name check also to match name of mountpoints (server#24760) - Fixes sharing to group ids with characters that are being url encoded (server#24763) - Limit getIncomplete query to one row (server#24791) - Fix Argon2 descriptions (server#24792) - Actually set the TTL on redis set (server#24798) - Allow to force rename a conflicting calendar (server#24806) - Fix IPv6 localhost regex (server#24823) - Catch the error on heartbeat update (server#24826) - Make oc_files_trash.auto_id a bigint (server#24853) - Fix total upload size overwritten by next upload (server#24854) - Avoid huge exception argument logging (server#24876) - Make share results distinguishable if there are more than one with the exact same display name (server#24878) - Add migration for oc_share_external columns (server#24963) - Don't throw a 500 when importing a broken ics reminder file (server#24972) - Fix unreliable ViewTest (server#24976) - Update root.crl due to revocation of transmission.crt (server#24990) - Set the JSCombiner cache if needed (server#24997) - Fix column name to check prior to deleting (server#25009) - Catch throwable instead of exception (server#25013) - Set the user language when adding the footer (server#25019) - Change defaultapp in config.sample.php to dashboard to improve docs and align it to source code (server#25030) - Fix clearing the label of a share (server#25035) - Update psalm-baseline.xml (server#25066) - Don't remove assignable column for now (server#25074) - Add setup check to verify that the used DB version is still supported… (server#25076) - Correctly set the user for activity parsing when preparing a notifica… (activity#542) - Bump vue-virtual-grid from 2.2.1 to 2.3.0 (photos#597) - Catch possible database exceptions when fetching document data (text#1221) - Make sure we have the proper PHP version installed before running composer (text#1234) - Revert removal of transformResponse (text#1235) - Bump prosemirror-view from 1.16.1 to 1.16.5 (text#1255) - Bump @babel/preset-env from 7.12.1 to 7.12.11 (text#1257) - Bump babel-loader from 8.1.0 to 8.2.2 (text#1259) - Bump eslint-plugin-standard from 4.0.2 to 4.1.0 (text#1261) - Bump vue-loader from 15.9.5 to 15.9.6 (text#1263) - Bump prosemirror-model from 1.12.0 to 1.13.1 (text#1265) - Bump core-js from 3.7.0 to 3.8.1 (text#1266) - Bump stylelint from 13.7.2 to 13.8.0 (text#1269) - Bump @babel/plugin-transform-runtime from 7.12.1 to 7.12.10 (text#1271) - Bump sass-loader from 10.0.5 to 10.1.0 (text#1273) - Bump webpack-merge from 5.3.0 to 5.7.2 (text#1274) - Bump @babel/core from 7.12.3 to 7.12.10 (text#1277) - Bump cypress from 5.1.0 to 5.6.0 (text#1278) - Bump @vue/test-utils from 1.1.1 to 1.1.2 (text#1279) - Bump webpack-merge from 5.7.2 to 5.7.3 (text#1303) - The apache subpackage must require the main package, otherwise it will not be uninstalled when the main package is uninstalled. Update to 20.0.4 - Avoid dashboard crash when accessibility app is not installed (server#24636) - Bump ini from 1.3.5 to 1.3.7 (server#24649) - Handle owncloud migration to latest release (server#24653) - Use string for storing a OCM remote id (server#24654) - Fix MySQL database size calculation (serverinfo#262) - Bump cypress-io/github-action@v2 (viewer#722) - Fix] sidebar opening animation (viewer#723) - Fix not.exist cypress and TESTING checks (viewer#725) - Put apache configuration files in separate subpackage. - Use apache-rpm-macros for SUSE. - Change oc_* macros to nc_* macros. - Insert macro apache_serverroot also in cron files. Update to 20.0.3 * Check quota of subdirectories when uploading to them (server#24181) * CircleId too short in some request (server#24196) * Missing level in ScopedPsrLogger (server#24212) * Fix nextcloud logo in email notifications misalignment (server#24228) * Allow selecting multiple columns with SELECT DISTINCT (server#24230) * Use file name instead of path in 'not allowed to share' message (server#24231) * Fix setting images through occ for theming (server#24232) * Use regex when searching on single file shares (server#24239) * Harden EncryptionLegacyCipher a bit (server#24249) * Update ScanLegacyFormat.php (server#24258) * Simple typo in comments (server#24259) * Use correct year for generated birthdays events (server#24263) * Delete files that exceed trashbin size immediately (server#24297) * Update sabre/xml to fix XML parsing errors (server#24311) * Only check path for being accessible when the storage is a object home (server#24325) * Avoid empty null default with value that will be inserted anyways (server#24333) * Fix contacts menu position and show uid as a tooltip (server#24342) * Fix the config key on the sharing expire checkbox (server#24346) * Set the display name of federated sharees from addressbook (server#24353) * Catch storage not available in versions expire command (server#24367) * Use proper bundles for files client and fileinfo (server#24377) * Properly encode path when fetching inherited shares (server#24387) * Formatting remote sharer should take protocol, path into account (server#24391) * Make sure we add new line between vcf groups exports (server#24443) * Fix public calendars shared to circles (server#24446) * Store scss variables under a different prefix for each theming config version (server#24453) * External storages: save group ids not display names in configuration (server#24455) * Use correct l10n source in files_sharing JS code (server#24462) * Set frame-ancestors to none if none are filled (server#24477) * Move the password fiels of chaging passwords to post (server#24478) * Move the global password for files external to post (server#24479) * Only attempt to move to trash if a file is not in appdata (server#24483) * Fix loading mtime of new file in conflict dialog in firefox (server#24491) * Harden setup check for TLS version if host is not reachable (server#24502) * Fix file size computation on 32bit platforms (server#24509) * Allow subscription to indicate that a userlimit is reached (server#24511) * Set mountid for personal external storage mounts (server#24513) * Only execute plain mimetype check for directories and do the fallback… (server#24517) * Fix vsprint parameter (server#24527) * Replace abandoned log normalizer with our fork (server#24530) * Add icon to user limit notification (server#24531) * Also run repair steps when encryption is disabled but a legacy key is present (server#24532) * [3rdparty][security] Archive TAR to 1.4.11 (server#24534) * Generate a new session id if the decrypting the session data fails (server#24553) * Revert 'Do not read certificate bundle from data dir by default' (server#24556) * Dont use system composer for autoload checker (server#24557) * Remember me is not an app_password (server#24563) * Do not load nonexisting setup.js (server#24582) * Update sabre/xml to fix XML parsing errors (3rdparty#529) * Use composer v1 on CI (3rdparty#532) * Bump pear/archive_tar from 1.4.9 to 1.4.11 (3rdparty#536) * Replace abandoned log normalizer with our fork (3rdparty#543) * Allow nullable values as subject params (activity#535) * Don't log when unknown array is null (notifications#803) * Feat/virtual grid (photos#550) * Make sure we have a string to localecompare to (photos#583) * Always get recommendations for dashboard if enabled (recommendations#336) * Properly fetch oracle database information (serverinfo#258) * Also register to urlChanged event to update RichWorkspace (text#1181) * Move away from GET (text#1214) Update to 20.0.2 * CVE-2020-8293: Fixed input validation which allowed users to store unlimited data in workflow rules (boo#1181445). * CVE-2020-8294: Fixed a missing link validation (boo#1181803). * Inidicate preview availability in share api responses (server#23419) * CalDavBackend: check if timerange is array before accessing (server#23563) * Some emojis are in CHAR_CATEGORY_GENERAL_OTHER_TYPES (server#23575) * Also expire share type email (server#23583) * Only use index of mount point when it is there (server#23611) * Only retry fetching app store data once every 5 minutes in case it fails (server#23633) * Bring back the restore share button (server#23636) * Fix updates of NULL appconfig values (server#23641) * Fix sharing input placeholder for emails (server#23646) * Use bigint for fileid in filecache_extended (server#23690) * Enable theming background transparency (server#23699) * Fix sharer flag on ldap:show-remnants when user owned more than a single share (server#23702) * Make sure the function signatures of the backgroundjob match (server#23710) * Check if array elements exist before using them (server#23713) * Fix default quota display value in user row (server#23726) * Use lib instead if core as l10n module in OC_Files (server#23727) * Specify accept argument to avatar upload input field (server#23732) * Save email as lower case (server#23733) * Reset avatar cropper before showing (server#23736) * Also run the SabreAuthInitEvent for the main server (server#23745) * Type the \OCP\IUserManager::callForAllUsers closure with Psalm (server#23749) * Type the \OCP\AppFramework\Services\IInitialState::provideLazyInitial… (server#23751) * Don't overwrite the event if we use it later (server#23753) * Inform the user when flow config data exceeds thresholds (server#23759) * Type the \OCP\IUserManager::callForSeenUsers closure with Psalm (server#23763) * Catch errors when closing file conflict dialog (server#23774) * Document the backend registered events of LDAP (server#23779) * Fetch the logger and system config once for all query builder instances (server#23787) * Type the event dispatcher listener callables with Psalm (server#23789) * Only run phpunit when 'php' changed (server#23794) * Remove bold font-weight and lower font-size for empty search box (server#23829) * No need to check if there is an avatar available, because it is gener… (server#23846) * Ensure filepicker list is empty before populating (server#23850) * UserStatus: clear status message if message is null (server#23858) * Fix grid view toggle in tags view (server#23874) * Restrict query when searching for versions of trashbin files (server#23884) * Fix potentially passing null to events where IUser is expected (server#23894) * Make user status styles scoped (server#23899) * Move help to separate stylesheet (server#23900) * Add default font size (server#23902) * Do not emit UserCreatedEvent twice (server#23917) * Bearer must be in the start of the auth header (server#23924) * Fix casting of integer and boolean on Oracle (server#23935) * Skip already loaded apps in loadApps (server#23948) * Fix repair mimetype step to not leave stray cursors (server#23950) * Improve query type detection (server#23951) * Fix iLike() falsely turning escaped % and _ into wildcards (server#23954) * Replace some usages of OC_DB in OC\Share\* with query builder (server#23955) * Use query builder instead of OC_DB in trashbin (server#23971) * Fix greatest/least order for oracle (server#23975) * Fix link share label placeholder not showing (server#23992) * Unlock when promoting to exclusive lock fails (server#23995) * Make sure root storage is valid before checking its size (server#23996) * Use query builder instead of OC_DB in OC\Files\* (server#23998) * Shortcut to avoid file system setup when generating the logo URL (server#24001) * Remove old legacy scripts references (server#24004) * Fix js search in undefined ocs response (server#24012) * Don't leave cursors open (server#24033) * Fix sharing tab state not matching resharing admin settings (server#24044) * Run unit tests against oracle (server#24049) * Use png icons in caldav reminder emails (server#24050) * Manually iterate over calendardata when oracle is used (server#24058) * Make is_user_defined nullable so we can store false on oracle (server#24079) * Fix default internal expiration date enforce (server#24081) * Register new command db:add-missing-primary-keys (server#24106) * Convert the card resource to a string if necessary (server#24114) * Don't throw on SHOW VERSION query (server#24147) * Bump dompurify to 2.2.2 (server#24153) * Set up FS before querying storage info in settings (server#24156) * Fix default internal expiration date (server#24159) * CircleId too short in some request (server#24178) * Revert 'circleId too short in some request' (server#24183) * Missing level in ScopedPsrLogger (server#24212) * Fix activity spinner on empty activity (activity#523) * Add OCI github action (activity#528) * Disable download button by default (files_pdfviewer#257) * Feat/dependabot ga/stable20 (firstrunwizard#442) * Fix loading notifications without a message on oracle (notifications#796) * Do not setup appdata in constructor to avoid errors causing the whole instance to stop working (text#1105) * Bump eslint-plugin-standard from 4.0.1 to 4.0.2 (text#1125) * Bump sass-loader from 10.0.1 to 10.0.5 (text#1134) * Bump webpack from 4.44.1 to 4.44.2 (text#1140) * Bump dependencies to version in range (text#1164) * Validate link on click (text#1166) * Add migration to fix oracle issues with the database schema (text#1177) * Bump cypress from 4.12.1 to 5.1.0 (text#1179) * Fix URL escaping of shared files (viewer#681) * Fix component click outside and cleanup structure (viewer#684) Update to 20.0.1 No changelog from upstream at this time. Update to 20.0.0 * Changes The three biggest features we introduce with Nextcloud 20 are: - Our new dashboard provides a great starting point for the day with over a dozen widgets ranging from Twitter and Github to Moodle and Zammad already available - Search was unified, bringing search results of Nextcloud apps as well as external services like Gitlab, Jira and Discourse in one place - Talk introduced bridging to other platforms including MS Teams, Slack, IRC, Matrix and a dozen others * Some other improvements we want to highlight include: - Notifications and Activities were brought together, making sure you won’t miss anything important - We added a ‘status’ setting so you can communicate to other users what you are up to - Talk also brings dashboard and search integration, emoji picker, upload view, camera and microphone settings, mute and more - Calendar integrates in dashboard and search, introduced a list view and design improvements - Mail introduces threaded view, mailbox management and more - Deck integrates with dashboard and search, introduces Calendar integration, modal view for card editing and series of smaller improvements - Flow adds push notification and webhooks so other web apps can easily integrate with Nextcloud - Text introduced direct linking to files in Nextcloud - Files lets you add a description to public link shares + Read the full announcement on our blog - NC-SA-2020-037 - CVE-2020-8295: Fixed Denial of service attack when resetting the password for a user(boo#1181804) - Update to 20.0.11 - Fix boo#1188247 - CVE-2021-32678: OCS API response ratelimits are not applied - Fix boo#1188248 - CVE-2021-32679: filenames where not escaped by default in controllers using DownloadResponse - Fix boo#1188249 - CVE-2021-32680: share expiration date wasn't properly logged - Fix boo#1188250 - CVE-2021-32688: lacking permission check with application specific tokens - Fix boo#1188251 - CVE-2021-32703: lack of ratelimiting on the shareinfo endpoint - Fix boo#1188252 - CVE-2021-32705: lack of ratelimiting on the public DAV endpoint - Fix boo#1188253 - CVE-2021-32725: default share permissions were not being respected for federated reshares of files and folders - Fix boo#1188254 - CVE-2021-32726: webauthn tokens were not deleted after a user has been deleted - Fix boo#1188255 - CVE-2021-32734: possible full path disclosure on shared files - Fix boo#1188256 - CVE-2021-32741: lack of ratelimiting on the public share link mount endpoint - Bump handlebars from 4.7.6 to 4.7.7 (server#26900) - Bump lodash from 4.17.20 to 4.17.21 (server#26909) - Bump hosted-git-info from 2.8.8 to 2.8.9 (server#26920) - Don't break OCC if an app is breaking in it's Application class (server#26954) - Add bruteforce protection to the shareinfo endpoint (server#26956) - Ignore readonly flag for directories (server#26965) - Throttle MountPublicLinkController when share is not found (server#26971) - Respect default share permissions for federated reshares (server#27001) - Harden apptoken check (server#27014) - Use parent wrapper to properly handle moves on the same source/target storage (server#27016) - Fix error when using CORS with no auth credentials (server#27027) - Fix return value of getStorageInfo when 'quota_include_external_storage' is enabled (server#27108) - Bump patch dependencies (server#27183) - Use noreply@ as email address for share emails (server#27209) - Bump p-queue from 6.6.1 to 6.6.2 (server#27226) - Bump browserslist from 4.14.0 to 4.16.6 (server#27247) - Bump webpack from 4.44.1 to 4.44.2 (server#27297) - Properly use limit and offset for search in Jail wrapper (server#27308) - Make user:report command scale (server#27319) - Properly log expiration date removal in audit log (server#27325) - Propagate throttling on OCS response (server#27337) - Set umask before operations that create local files (server#27349) - Escape filename in Content-Disposition (server#27360) - Don't update statuses to offline again and again (server#27412) - Header must contain a colon (server#27456) - Activate constraint check for oracle / pqsql also for 20 (server#27523) - Only allow removing existing shares that would not be allowed due to reshare restrictions (server#27552) - Bump ws from 7.3.1 to 7.5.0 (server#27570) - Properly cleanup entries of WebAuthn on user deletion (server#27596) - Throttle on public DAV endpoint (server#27617) - Bump vue-loader from 15.9.3 to 15.9.7 (server#27639) - Bump eslint-plugin-standard from 4.0.1 to 4.0.2 (server#27651) - Validate the theming color also on CLI (server#27680) - Downstream encryption:fix-encrypted-version for repairing bad signature errors (server#27728) - Remove encodeURI code (files_pdfviewer#396) - Only ask for permissions on HTTPS (notifications#998) - Fix sorting if one of the file name is only composed with number (photos#785) - Backport 20 fix Photos not shown in large browser windows #630 (#686) (photos#810) - Update File.vue (photos#813) - Update chart.js (serverinfo#309) - Only return workspace property for top node in a propfind request (text#1611) - ViewerComponent: pass on autofocus to EditorWrapper (text#1647) - Use text/plain as content type for fetching the document (text#1692) - Log exceptions that happen on unknown exception and return generic messages (text#1698) - Add fixup (viewer#924) - Fix: fullscreen for Firefox (viewer#929) Update to 20.0.7 - Catch NotFoundException when querying quota (server#25315) - CalDAV] Validate notified emails (server#25324) - Fix/app fetcher php compat comparison (server#25347) - Show the actual error on share requests (server#25352) - Fix parameter provided as string not array (server#25366) - The objectid is a string (server#25374) - 20.0.7 final (server#25387) - Properly handle SMB ACL blocking scanning a directory (server#25421) - Don't break completely when creating the digest fail for one user (activity#556) - Only attempt to use a secure view if hide download is actually set (files_pdfviewer#296) - Fix opening PDF files with special characters in their name (files_pdfviewer#298) - Fix PDF viewer failing on Edge (not based on Chromium) (files_pdfviewer#299) - Cannot unfold plain text notifications (notifications#846) - Remove EPUB mimetype (text#1391) Update to 20.0.6 - Make sure to do priority app upgrades first (server#25077) - Respect DB restrictions on number of arguments in statements and queries (server#25120) - Add a hint about the direction of priority (server#25143) - Do not redirect to logout after login (server#25146) - Fix comparison of PHP versions (server#25152) - Add 'composer.lock' for acceptance tests to git (server#25178) - Update CRL due to revoked gravatar.crl (server#25190) - Don't log keys on checkSignature (server#25193) - Update 3rdparty after Archive_Tar (server#25199) - Bump CA bundle (server#25219) - Update handling of user credentials (server#25225) - Fix encoding issue with OC.Notification.show (server#25244) - Also use storage copy when dav copying directories (server#25261) - Silence log message (server#25263) - Extend ILDAPProvider to allow reading arbitrairy ldap attributes for users (server#25276) - Do not obtain userFolder of a federated user (server#25278) - Bump pear/archive_tar from 1.4.11 to 1.4.12 (3rdparty#603) - Add gitignore entry for .github folder of dependencies (3rdparty#604) - Clear event array on getting them (activity#551) Update to 20.0.5 - Don't log params of imagecreatefromstring (server#24546) - Use storage copy implementation when doing dav copy (server#24590) - Use in objectstore copy (server#24592) - Add tel, note, org and title search (server#24697) - Check php compatibility of app store app releases (server#24698) - Fix #24682]: ensure federation cloud id is retruned if FN property not found (server#24709) - Do not include non-required scripts on the upgrade page (server#24714) - LDAP: fix inGroup for memberUid type of group memberships (server#24716) - Cancel user search requests to avoid duplicate results being added (server#24728) - Also unset the other possible unused paramters (server#24751) - Enables the file name check also to match name of mountpoints (server#24760) - Fixes sharing to group ids with characters that are being url encoded (server#24763) - Limit getIncomplete query to one row (server#24791) - Fix Argon2 descriptions (server#24792) - Actually set the TTL on redis set (server#24798) - Allow to force rename a conflicting calendar (server#24806) - Fix IPv6 localhost regex (server#24823) - Catch the error on heartbeat update (server#24826) - Make oc_files_trash.auto_id a bigint (server#24853) - Fix total upload size overwritten by next upload (server#24854) - Avoid huge exception argument logging (server#24876) - Make share results distinguishable if there are more than one with the exact same display name (server#24878) - Add migration for oc_share_external columns (server#24963) - Don't throw a 500 when importing a broken ics reminder file (server#24972) - Fix unreliable ViewTest (server#24976) - Update root.crl due to revocation of transmission.crt (server#24990) - Set the JSCombiner cache if needed (server#24997) - Fix column name to check prior to deleting (server#25009) - Catch throwable instead of exception (server#25013) - Set the user language when adding the footer (server#25019) - Change defaultapp in config.sample.php to dashboard to improve docs and align it to source code (server#25030) - Fix clearing the label of a share (server#25035) - Update psalm-baseline.xml (server#25066) - Don't remove assignable column for now (server#25074) - Add setup check to verify that the used DB version is still supported… (server#25076) - Correctly set the user for activity parsing when preparing a notifica… (activity#542) - Bump vue-virtual-grid from 2.2.1 to 2.3.0 (photos#597) - Catch possible database exceptions when fetching document data (text#1221) - Make sure we have the proper PHP version installed before running composer (text#1234) - Revert removal of transformResponse (text#1235) - Bump prosemirror-view from 1.16.1 to 1.16.5 (text#1255) - Bump @babel/preset-env from 7.12.1 to 7.12.11 (text#1257) - Bump babel-loader from 8.1.0 to 8.2.2 (text#1259) - Bump eslint-plugin-standard from 4.0.2 to 4.1.0 (text#1261) - Bump vue-loader from 15.9.5 to 15.9.6 (text#1263) - Bump prosemirror-model from 1.12.0 to 1.13.1 (text#1265) - Bump core-js from 3.7.0 to 3.8.1 (text#1266) - Bump stylelint from 13.7.2 to 13.8.0 (text#1269) - Bump @babel/plugin-transform-runtime from 7.12.1 to 7.12.10 (text#1271) - Bump sass-loader from 10.0.5 to 10.1.0 (text#1273) - Bump webpack-merge from 5.3.0 to 5.7.2 (text#1274) - Bump @babel/core from 7.12.3 to 7.12.10 (text#1277) - Bump cypress from 5.1.0 to 5.6.0 (text#1278) - Bump @vue/test-utils from 1.1.1 to 1.1.2 (text#1279) - Bump webpack-merge from 5.7.2 to 5.7.3 (text#1303) - The apache subpackage must require the main package, otherwise it will not be uninstalled when the main package is uninstalled. Update to 20.0.4 - Avoid dashboard crash when accessibility app is not installed (server#24636) - Bump ini from 1.3.5 to 1.3.7 (server#24649) - Handle owncloud migration to latest release (server#24653) - Use string for storing a OCM remote id (server#24654) - Fix MySQL database size calculation (serverinfo#262) - Bump cypress-io/github-action@v2 (viewer#722) - Fix] sidebar opening animation (viewer#723) - Fix not.exist cypress and TESTING checks (viewer#725) - Put apache configuration files in separate subpackage. - Use apache-rpm-macros for SUSE. - Change oc_* macros to nc_* macros. - Insert macro apache_serverroot also in cron files. Update to 20.0.3 * Check quota of subdirectories when uploading to them (server#24181) * CircleId too short in some request (server#24196) * Missing level in ScopedPsrLogger (server#24212) * Fix nextcloud logo in email notifications misalignment (server#24228) * Allow selecting multiple columns with SELECT DISTINCT (server#24230) * Use file name instead of path in 'not allowed to share' message (server#24231) * Fix setting images through occ for theming (server#24232) * Use regex when searching on single file shares (server#24239) * Harden EncryptionLegacyCipher a bit (server#24249) * Update ScanLegacyFormat.php (server#24258) * Simple typo in comments (server#24259) * Use correct year for generated birthdays events (server#24263) * Delete files that exceed trashbin size immediately (server#24297) * Update sabre/xml to fix XML parsing errors (server#24311) * Only check path for being accessible when the storage is a object home (server#24325) * Avoid empty null default with value that will be inserted anyways (server#24333) * Fix contacts menu position and show uid as a tooltip (server#24342) * Fix the config key on the sharing expire checkbox (server#24346) * Set the display name of federated sharees from addressbook (server#24353) * Catch storage not available in versions expire command (server#24367) * Use proper bundles for files client and fileinfo (server#24377) * Properly encode path when fetching inherited shares (server#24387) * Formatting remote sharer should take protocol, path into account (server#24391) * Make sure we add new line between vcf groups exports (server#24443) * Fix public calendars shared to circles (server#24446) * Store scss variables under a different prefix for each theming config version (server#24453) * External storages: save group ids not display names in configuration (server#24455) * Use correct l10n source in files_sharing JS code (server#24462) * Set frame-ancestors to none if none are filled (server#24477) * Move the password fiels of chaging passwords to post (server#24478) * Move the global password for files external to post (server#24479) * Only attempt to move to trash if a file is not in appdata (server#24483) * Fix loading mtime of new file in conflict dialog in firefox (server#24491) * Harden setup check for TLS version if host is not reachable (server#24502) * Fix file size computation on 32bit platforms (server#24509) * Allow subscription to indicate that a userlimit is reached (server#24511) * Set mountid for personal external storage mounts (server#24513) * Only execute plain mimetype check for directories and do the fallback… (server#24517) * Fix vsprint parameter (server#24527) * Replace abandoned log normalizer with our fork (server#24530) * Add icon to user limit notification (server#24531) * Also run repair steps when encryption is disabled but a legacy key is present (server#24532) * [3rdparty][security] Archive TAR to 1.4.11 (server#24534) * Generate a new session id if the decrypting the session data fails (server#24553) * Revert 'Do not read certificate bundle from data dir by default' (server#24556) * Dont use system composer for autoload checker (server#24557) * Remember me is not an app_password (server#24563) * Do not load nonexisting setup.js (server#24582) * Update sabre/xml to fix XML parsing errors (3rdparty#529) * Use composer v1 on CI (3rdparty#532) * Bump pear/archive_tar from 1.4.9 to 1.4.11 (3rdparty#536) * Replace abandoned log normalizer with our fork (3rdparty#543) * Allow nullable values as subject params (activity#535) * Don't log when unknown array is null (notifications#803) * Feat/virtual grid (photos#550) * Make sure we have a string to localecompare to (photos#583) * Always get recommendations for dashboard if enabled (recommendations#336) * Properly fetch oracle database information (serverinfo#258) * Also register to urlChanged event to update RichWorkspace (text#1181) * Move away from GET (text#1214) Update to 20.0.2 * CVE-2020-8293: Fixed input validation which allowed users to store unlimited data in workflow rules (boo#1181445). * CVE-2020-8294: Fixed a missing link validation (boo#1181803). * Inidicate preview availability in share api responses (server#23419) * CalDavBackend: check if timerange is array before accessing (server#23563) * Some emojis are in CHAR_CATEGORY_GENERAL_OTHER_TYPES (server#23575) * Also expire share type email (server#23583) * Only use index of mount point when it is there (server#23611) * Only retry fetching app store data once every 5 minutes in case it fails (server#23633) * Bring back the restore share button (server#23636) * Fix updates of NULL appconfig values (server#23641) * Fix sharing input placeholder for emails (server#23646) * Use bigint for fileid in filecache_extended (server#23690) * Enable theming background transparency (server#23699) * Fix sharer flag on ldap:show-remnants when user owned more than a single share (server#23702) * Make sure the function signatures of the backgroundjob match (server#23710) * Check if array elements exist before using them (server#23713) * Fix default quota display value in user row (server#23726) * Use lib instead if core as l10n module in OC_Files (server#23727) * Specify accept argument to avatar upload input field (server#23732) * Save email as lower case (server#23733) * Reset avatar cropper before showing (server#23736) * Also run the SabreAuthInitEvent for the main server (server#23745) * Type the \OCP\IUserManager::callForAllUsers closure with Psalm (server#23749) * Type the \OCP\AppFramework\Services\IInitialState::provideLazyInitial… (server#23751) * Don't overwrite the event if we use it later (server#23753) * Inform the user when flow config data exceeds thresholds (server#23759) * Type the \OCP\IUserManager::callForSeenUsers closure with Psalm (server#23763) * Catch errors when closing file conflict dialog (server#23774) * Document the backend registered events of LDAP (server#23779) * Fetch the logger and system config once for all query builder instances (server#23787) * Type the event dispatcher listener callables with Psalm (server#23789) * Only run phpunit when 'php' changed (server#23794) * Remove bold font-weight and lower font-size for empty search box (server#23829) * No need to check if there is an avatar available, because it is gener… (server#23846) * Ensure filepicker list is empty before populating (server#23850) * UserStatus: clear status message if message is null (server#23858) * Fix grid view toggle in tags view (server#23874) * Restrict query when searching for versions of trashbin files (server#23884) * Fix potentially passing null to events where IUser is expected (server#23894) * Make user status styles scoped (server#23899) * Move help to separate stylesheet (server#23900) * Add default font size (server#23902) * Do not emit UserCreatedEvent twice (server#23917) * Bearer must be in the start of the auth header (server#23924) * Fix casting of integer and boolean on Oracle (server#23935) * Skip already loaded apps in loadApps (server#23948) * Fix repair mimetype step to not leave stray cursors (server#23950) * Improve query type detection (server#23951) * Fix iLike() falsely turning escaped % and _ into wildcards (server#23954) * Replace some usages of OC_DB in OC\Share\* with query builder (server#23955) * Use query builder instead of OC_DB in trashbin (server#23971) * Fix greatest/least order for oracle (server#23975) * Fix link share label placeholder not showing (server#23992) * Unlock when promoting to exclusive lock fails (server#23995) * Make sure root storage is valid before checking its size (server#23996) * Use query builder instead of OC_DB in OC\Files\* (server#23998) * Shortcut to avoid file system setup when generating the logo URL (server#24001) * Remove old legacy scripts references (server#24004) * Fix js search in undefined ocs response (server#24012) * Don't leave cursors open (server#24033) * Fix sharing tab state not matching resharing admin settings (server#24044) * Run unit tests against oracle (server#24049) * Use png icons in caldav reminder emails (server#24050) * Manually iterate over calendardata when oracle is used (server#24058) * Make is_user_defined nullable so we can store false on oracle (server#24079) * Fix default internal expiration date enforce (server#24081) * Register new command db:add-missing-primary-keys (server#24106) * Convert the card resource to a string if necessary (server#24114) * Don't throw on SHOW VERSION query (server#24147) * Bump dompurify to 2.2.2 (server#24153) * Set up FS before querying storage info in settings (server#24156) * Fix default internal expiration date (server#24159) * CircleId too short in some request (server#24178) * Revert 'circleId too short in some request' (server#24183) * Missing level in ScopedPsrLogger (server#24212) * Fix activity spinner on empty activity (activity#523) * Add OCI github action (activity#528) * Disable download button by default (files_pdfviewer#257) * Feat/dependabot ga/stable20 (firstrunwizard#442) * Fix loading notifications without a message on oracle (notifications#796) * Do not setup appdata in constructor to avoid errors causing the whole instance to stop working (text#1105) * Bump eslint-plugin-standard from 4.0.1 to 4.0.2 (text#1125) * Bump sass-loader from 10.0.1 to 10.0.5 (text#1134) * Bump webpack from 4.44.1 to 4.44.2 (text#1140) * Bump dependencies to version in range (text#1164) * Validate link on click (text#1166) * Add migration to fix oracle issues with the database schema (text#1177) * Bump cypress from 4.12.1 to 5.1.0 (text#1179) * Fix URL escaping of shared files (viewer#681) * Fix component click outside and cleanup structure (viewer#684) Update to 20.0.1 No changelog from upstream at this time. Update to 20.0.0 * Changes The three biggest features we introduce with Nextcloud 20 are: - Our new dashboard provides a great starting point for the day with over a dozen widgets ranging from Twitter and Github to Moodle and Zammad already available - Search was unified, bringing search results of Nextcloud apps as well as external services like Gitlab, Jira and Discourse in one place - Talk introduced bridging to other platforms including MS Teams, Slack, IRC, Matrix and a dozen others * Some other improvements we want to highlight include: - Notifications and Activities were brought together, making sure you won’t miss anything important - We added a ‘status’ setting so you can communicate to other users what you are up to - Talk also brings dashboard and search integration, emoji picker, upload view, camera and microphone settings, mute and more - Calendar integrates in dashboard and search, introduced a list view and design improvements - Mail introduces threaded view, mailbox management and more - Deck integrates with dashboard and search, introduces Calendar integration, modal view for card editing and series of smaller improvements - Flow adds push notification and webhooks so other web apps can easily integrate with Nextcloud - Text introduced direct linking to files in Nextcloud - Files lets you add a description to public link shares + Read the full announcement on our blog - NC-SA-2020-037 - CVE-2020-8295: Fixed Denial of service attack when resetting the password for a user(boo#1181804) - Update to 20.0.11 - Fix boo#1188247 - CVE-2021-32678: OCS API response ratelimits are not applied - Fix boo#1188248 - CVE-2021-32679: filenames where not escaped by default in controllers using DownloadResponse - Fix boo#1188249 - CVE-2021-32680: share expiration date wasn't properly logged - Fix boo#1188250 - CVE-2021-32688: lacking permission check with application specific tokens - Fix boo#1188251 - CVE-2021-32703: lack of ratelimiting on the shareinfo endpoint - Fix boo#1188252 - CVE-2021-32705: lack of ratelimiting on the public DAV endpoint - Fix boo#1188253 - CVE-2021-32725: default share permissions were not being respected for federated reshares of files and folders - Fix boo#1188254 - CVE-2021-32726: webauthn tokens were not deleted after a user has been deleted - Fix boo#1188255 - CVE-2021-32734: possible full path disclosure on shared files - Fix boo#1188256 - CVE-2021-32741: lack of ratelimiting on the public share link mount endpoint - Bump handlebars from 4.7.6 to 4.7.7 (server#26900) - Bump lodash from 4.17.20 to 4.17.21 (server#26909) - Bump hosted-git-info from 2.8.8 to 2.8.9 (server#26920) - Don't break OCC if an app is breaking in it's Application class (server#26954) - Add bruteforce protection to the shareinfo endpoint (server#26956) - Ignore readonly flag for directories (server#26965) - Throttle MountPublicLinkController when share is not found (server#26971) - Respect default share permissions for federated reshares (server#27001) - Harden apptoken check (server#27014) - Use parent wrapper to properly handle moves on the same source/target storage (server#27016) - Fix error when using CORS with no auth credentials (server#27027) - Fix return value of getStorageInfo when 'quota_include_external_storage' is enabled (server#27108) - Bump patch dependencies (server#27183) - Use noreply@ as email address for share emails (server#27209) - Bump p-queue from 6.6.1 to 6.6.2 (server#27226) - Bump browserslist from 4.14.0 to 4.16.6 (server#27247) - Bump webpack from 4.44.1 to 4.44.2 (server#27297) - Properly use limit and offset for search in Jail wrapper (server#27308) - Make user:report command scale (server#27319) - Properly log expiration date removal in audit log (server#27325) - Propagate throttling on OCS response (server#27337) - Set umask before operations that create local files (server#27349) - Escape filename in Content-Disposition (server#27360) - Don't update statuses to offline again and again (server#27412) - Header must contain a colon (server#27456) - Activate constraint check for oracle / pqsql also for 20 (server#27523) - Only allow removing existing shares that would not be allowed due to reshare restrictions (server#27552) - Bump ws from 7.3.1 to 7.5.0 (server#27570) - Properly cleanup entries of WebAuthn on user deletion (server#27596) - Throttle on public DAV endpoint (server#27617) - Bump vue-loader from 15.9.3 to 15.9.7 (server#27639) - Bump eslint-plugin-standard from 4.0.1 to 4.0.2 (server#27651) - Validate the theming color also on CLI (server#27680) - Downstream encryption:fix-encrypted-version for repairing bad signature errors (server#27728) - Remove encodeURI code (files_pdfviewer#396) - Only ask for permissions on HTTPS (notifications#998) - Fix sorting if one of the file name is only composed with number (photos#785) - Backport 20 fix Photos not shown in large browser windows #630 (#686) (photos#810) - Update File.vue (photos#813) - Update chart.js (serverinfo#309) - Only return workspace property for top node in a propfind request (text#1611) - ViewerComponent: pass on autofocus to EditorWrapper (text#1647) - Use text/plain as content type for fetching the document (text#1692) - Log exceptions that happen on unknown exception and return generic messages (text#1698) - Add fixup (viewer#924) - Fix: fullscreen for Firefox (viewer#929) Important SUSE bug 1181445 SUSE bug 1181803 SUSE bug 1181804 SUSE bug 1188247 SUSE bug 1188248 SUSE bug 1188249 SUSE bug 1188250 SUSE bug 1188251 SUSE bug 1188252 SUSE bug 1188253 SUSE bug 1188254 SUSE bug 1188255 SUSE bug 1188256 CVE-2020-8293 CVE-2020-8294 CVE-2020-8295 CVE-2021-32678 CVE-2021-32679 CVE-2021-32680 CVE-2021-32688 CVE-2021-32703 CVE-2021-32705 CVE-2021-32725 CVE-2021-32726 CVE-2021-32734 CVE-2021-32741 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1178909 SUSE bug 1179503 CVE-2020-25709 CVE-2020-25710 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for caribou fixes the following issues: Security issue fixed: - CVE-2021-3567: Fixed a segfault when attempting to use shifted characters (bsc#1186617). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1186617 SUSE bug 1187112 CVE-2021-3567 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium 91.0.4472.164 (boo#1188373) * CVE-2021-30559: Out of bounds write in ANGLE * CVE-2021-30541: Use after free in V8 * CVE-2021-30560: Use after free in Blink XSLT * CVE-2021-30561: Type Confusion in V8 * CVE-2021-30562: Use after free in WebSerial * CVE-2021-30563: Type Confusion in V8 * CVE-2021-30564: Heap buffer overflow in WebXR * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1188373 CVE-2021-30541 CVE-2021-30559 CVE-2021-30560 CVE-2021-30561 CVE-2021-30562 CVE-2021-30563 CVE-2021-30564 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: A heap out-of-bounds write affecting Linux was discovered in net/netfilter/x_tables.c (bnc#1188116). - CVE-2021-33909: fs/seq_file.c did not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05 (bnc#1188062). - CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215). - CVE-2021-3612: An out-of-bounds memory write flaw was found in the joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (bnc#1187585 ). - CVE-2021-35039: kernel/module.c in the Linux kernel mishandled Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, did not occur for a module.sig_enforce=1 command-line argument (bnc#1188080). The following non-security bugs were fixed: - ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes). - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). - ACPICA: Fix memory leak caused by _CID repair function (git-fixes). - ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes). - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes). - ACPI: resources: Add checks for ACPI IRQ override (git-fixes). - ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes). - ALSA: hda/realtek: Add another ALC236 variant support (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes). - ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes). - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes). - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes). - ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes). - ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes). - ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes). - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472) - ARM: ensure the signal page contains defined contents (bsc#1188445). - ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes). - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes). - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes). - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes). - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - ata: ahci_sunxi: Disable DIPM (git-fixes). - ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). - ath10k: Fix an error code in ath10k_add_interface() (git-fixes). - ath10k: go to path err_unsupported when chip id is not supported (git-fixes). - ath10k: remove unused more_frags variable (git-fixes). - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes). - backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092). - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - brcmfmac: correctly report average RSSI in station info (git-fixes). - brcmfmac: fix setting of station info chains bitmask (git-fixes). - brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes). - can: gw: synchronize rcu operations before removing gw job entry (git-fixes). - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes). - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes). - cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes). - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes). - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes). - clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes). - clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes). - clk: meson: g12a: fix gp0 and hifi ranges (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - clk: renesas: rcar-gen3: Update Z clock rate formula in comments (git-fixes). - clk: si5341: Avoid divide errors due to bogus register contents (git-fixes). - clk: si5341: Update initialization magic (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clk: zynqmp: pll: Remove some dead code (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - clocksource: Retry clock read if long delays detected (git-fixes). - cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes). - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - crypto: ccp - Fix a resource leak in an error handling path (git-fixes). - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes). - crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes). - crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes). - crypto: qat - remove unused macro in FW loader (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes). - dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes). - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes). - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes). - dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes). - docs: admin-guide: update description for kernel.hotplug sysctl (git-fixes). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Update scaling settings on modeset (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). - drm/amdgpu: Do not query CE and UE errors (bsc#1152472) - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) - drm/mcde/panel: Inverse misunderstood flag (bsc#1152472) - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/msm: Small msm_gem_purge() fix (bsc#1152489) - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm/nouveau: wait for moving fence after pinning v2 (git-fixes). - drm: qxl: ensure surf.data is ininitialized (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) - drm/radeon: wait for moving fence after pinning (git-fixes). - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes). - drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes). - drm/rockchip: dsi: remove extra component_del() call (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/stm: Fix bus_flags handling (bsc#1152472) - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) - drm/virtio: Fix double free on probe failure (git-fixes). - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes). - extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes). - extcon: intel-mrfld: Sync hardware and software state on init (git-fixes). - extcon: max8997: Add missing modalias string (git-fixes). - extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - fbmem: Do not delete the mode that is still in use (git-fixes). - firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes). - Fix meta data in lpfc-decouple-port_template-and-vport_template.patch - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - fpga: machxo2-spi: Address warning about unused variable (git-fixes). - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes). - fuse: check connected before queueing on fpq->io (bsc#1188267). - fuse: ignore PG_workingset after stealing (bsc#1188268). - fuse: reject internal errno (bsc#1188269). - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes). - gve: Add dqo descriptors (bsc#1176940). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix an error handling path in 'gve_probe()' (git-fixes). - gve: Fix swapped vars when fetching max queues (git-fixes). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - HID: do not use down_interruptible() when unbinding devices (git-fixes). - HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes). - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes). - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes). - hwmon: (max31790) Fix pwmX_enable attributes (git-fixes). - hwmon: (max31790) Report correct current pwm duty cycles (git-fixes). - hwrng: exynos - Fix runtime PM imbalance on error (git-fixes). - i2c: dev: Add __user annotation (git-fixes). - i2c: robotfuzz-osif: fix control-request directions (git-fixes). - ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237). - ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237). - ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237). - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363). - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes). - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098). - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237). - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237). - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes). - iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes). - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adis16400: do not return ints in irq handlers (git-fixes). - iio: adis_buffer: do not return ints in irq handlers (git-fixes). - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes). - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: do not free unallocated IRQ (git-fixes). - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes). - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes). - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes). - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: si1133: fix format string warnings (git-fixes). - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes). - Input: usbtouchscreen - fix control-request directions (git-fixes). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - kABI: restore struct tcpc_config definition (git-fixes). - kABI workaround for pci/quirks.c (git-fixes). - kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042). - kernel-binary.spec: Fix up usrmerge for non-modular kernels. - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes). - leds: ktd2692: Fix an error handling path (git-fixes). - leds: lm3532: select regmap I2C API (git-fixes). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - lib/decompressors: remove set but not used variabled 'level' (git-fixes). - lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes). - mac80211_hwsim: drop pending frames on stop (git-fixes). - mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes). - mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes). - mac80211: remove warning in ieee80211_get_sband() (git-fixes). - math: Export mul_u64_u64_div_u64 (git-fixes). - media: au0828: fix a NULL vs IS_ERR() check (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: dtv5100: fix control-request directions (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvb-usb: fix wrong definition (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes). - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes). - media: Fix Media Controller API config checks (git-fixes). - media: gspca/gl860: fix zero-length control requests (git-fixes). - media: gspca/sq905: fix control-request direction (git-fixes). - media: gspca/sunplus: fix zero-length control requests (git-fixes). - media: I2C: change 'RST' to 'RSET' to fix multiple build errors (git-fixes). - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes). - media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes). - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes). - media: mtk-vcodec: fix PM runtime get logic (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: rc: i2c: Fix an error message (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes). - media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes). - media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes). - media: siano: fix device register error path (git-fixes). - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes). - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes). - media: sti: fix obj-$(config) targets (git-fixes). - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes). - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes). - memstick: rtsx_usb_ms: fix UAF (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - mmc: block: Disable CMDQ on the ioctl path (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mmc: core: clear flags before allowing to retune (git-fixes). - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes). - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes). - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes). - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - mmc: vub3000: fix control-request direction (git-fixes). - mm, futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)). - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes). - mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes). - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes). - mwifiex: re-fix for unaligned accesses (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - nvme-rdma: fix in-casule data send for chained sgls (git-fixes). - nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes). - nvme-tcp: rerun io_work if req_list is not empty (git-fixes). - nvme: verify MNAN value if ANA is enabled (bsc#1185791). - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes). - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes). - regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes). - reset: a10sr: add missing of_match_table reference (git-fixes). - reset: bail if try_module_get() fails (git-fixes). - reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes). - Revert 'ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro' (git-fixes). - Revert 'ibmvnic: remove duplicate napi_schedule call in open function' (bsc#1065729). - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - rpm/kernel-binary.spec.in: Remove zdebug define used only once. - rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes). - rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes). - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511). - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes). - serial_cs: Add Option International GSM-Ready 56K/ISDN modem (git-fixes). - serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes). - serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes). - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes). - serial: mvebu-uart: fix calculation of clock divisor (git-fixes). - serial: tegra-tcu: Reorder channel initialization (git-fixes). - soc: fsl: qbman: Delete useless kfree code (bsc#1188176). - soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176). - soundwire: stream: Fix test for DP prepare complete (git-fixes). - spi: fspi: dynamically alloc AHB memory (bsc#1188121). - spi: Make of_register_spi_device also set the fwnode (git-fixes). - spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: spi-nxp-fspi: Add ACPI support (bsc#1188121). - spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121). - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121). - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121). - spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121). - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes). - spi: tegra114: Fix an error message (git-fixes). - ssb: Fix error return code in ssb_bus_scan() (git-fixes). - ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes). - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes). - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes). - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes). - staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes). - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes). - tpm: efi: Use local variable for calculating final log size (git-fixes). - tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036). - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036). - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036). - tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1188036). - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes). - tracing/histograms: Fix parsing of 'sym-offset' modifier (git-fixes). - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes). - tracing: Simplify & fix saved_tgids logic (git-fixes). - tty: nozomi: Fix a resource leak in an error handling function (git-fixes). - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes). - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes). - usb: dwc2: Do not reset the core after setting turnaround time (git-fixes). - usb: dwc3: Fix debugfs creation flow (git-fixes). - usb: gadget: eem: fix echo command packet response issue (git-fixes). - usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes). - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes). - usb: typec: fusb302: Always provide fwnode for the port (git-fixes). - usb: typec: fusb302: fix 'op-sink-microwatt' default that was in mW (git-fixes). - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes). - usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes). - usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes). - usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes). - usb: typec: tcpm: set correct data role for non-DRD (git-fixes). - usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes). - usb: typec: tcpm: update power supply once partner accepts (git-fixes). - usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - usb: typec: wcove: Fx wrong kernel doc format (git-fixes). - vfio/pci: Handle concurrent vma faults (git-fixes). - vfs: Convert functionfs to use the new mount API (git -fixes). - video: fbdev: imxfb: Fix an error message (git-fixes). - visorbus: fix error return code in visorchipset_init() (git-fixes). - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes). - watchdog: aspeed: fix hardware timeout calculation (git-fixes). - watchdog: sp805: Fix kernel doc description (git-fixes). - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes). - wireless: carl9170: fix LEDS build errors & warnings (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - [xarray] iov_iter_fault_in_readable() should do nothing in xarray case (git-fixes). - xhci: solve a double free problem while doing s4 (git-fixes). Important SUSE bug 1065729 SUSE bug 1085224 SUSE bug 1094840 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1155518 SUSE bug 1170511 SUSE bug 1176940 SUSE bug 1179243 SUSE bug 1180092 SUSE bug 1183871 SUSE bug 1184114 SUSE bug 1184804 SUSE bug 1185308 SUSE bug 1185791 SUSE bug 1186206 SUSE bug 1187215 SUSE bug 1187585 SUSE bug 1188036 SUSE bug 1188062 SUSE bug 1188080 SUSE bug 1188116 SUSE bug 1188121 SUSE bug 1188176 SUSE bug 1188267 SUSE bug 1188268 SUSE bug 1188269 SUSE bug 1188405 SUSE bug 1188445 CVE-2021-22555 CVE-2021-33909 CVE-2021-35039 CVE-2021-3609 CVE-2021-3612 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.16 fixes the following issues: go1.16.6 (released 2021-07-12, bsc#1182345) includes a security fix to the crypto/tls package, as well as bug fixes to the compiler, and the net and net/http packages. Security issue fixed: CVE-2021-34558: Fixed crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (bsc#1188229) go1.16 release: * bsc#1188229 go#47143 CVE-2021-34558 * go#47145 security: fix CVE-2021-34558 * go#46999 net: LookupMX behaviour broken * go#46981 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3 * go#46769 syscall: TestGroupCleanupUserNamespace test failure on Fedora * go#46657 runtime: deeply nested struct initialized with non-zero values * go#44984 net/http: server not setting Content-Length in certain cases Important SUSE bug 1182345 SUSE bug 1188229 CVE-2021-34558 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.15 fixes the following issues: - go1.15.14 (released 2021-07-12) includes a security fix to the crypto/tls package, as well as bug fixes to the linker, and the net package. CVE-2021-34558 Refs bsc#1175132 go1.15 release tracking * bsc#1188229 go#47143 CVE-2021-34558 * go#47144 security: fix CVE-2021-34558 * go#47012 net: LookupMX behaviour broken * go#46994 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3 * go#46768 syscall: TestGroupCleanupUserNamespace test failure on Fedora * go#46684 x/build/cmd/release: linux-armv6l release tests aren't passing * go#46656 runtime: deeply nested struct initialized with non-zero values - Fix extraneous trailing percent character %endif% in spec file. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175132 SUSE bug 1188229 CVE-2021-34558 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for containerd fixes the following issues: - CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. (bsc#1188282) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1188282 CVE-2021-32760 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1184994 SUSE bug 1188063 CVE-2021-33910 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for crmsh fixes the following issues: Update to version 4.3.1+20210624.67223df2: - Fix: ocfs2: Skip verifying UUID for ocfs2 device on top of raid or lvm on the join node (bsc#1187553) - Fix: history: use Path.mkdir instead of mkdir command(bsc#1179999, CVE-2020-35459) - Dev: crash_test: Add big warnings to have users' attention to potential failover(jsc#SLE-17979) - Dev: crash_test: rename preflight_check as crash_test(jsc#SLE-17979) - Fix: bootstrap: update sbd watchdog timeout when using diskless SBD with qdevice(bsc#1184465) - Dev: utils: allow configure link-local ipv6 address(bsc#1163460) - Fix: parse: shouldn't allow property setting with an empty value(bsc#1185423) - Fix: help: show help message from argparse(bsc#1175982) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1163460 SUSE bug 1175982 SUSE bug 1179999 SUSE bug 1184465 SUSE bug 1185423 SUSE bug 1187553 CVE-2020-35459 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1188217 SUSE bug 1188218 SUSE bug 1188219 SUSE bug 1188220 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for icinga2 fixes the following issues: icinga2 was updated to 2.12.5: Version 2.12.5 fixes two security vulnerabilities that may lead to privilege escalation for authenticated API users. Other improvements include several bugfixes related to downtimes, downtime notifications, and more reliable connection handling. * Security - Don't expose the PKI ticket salt via the API. This may lead to privilege escalation for authenticated API users by them being able to request certificates for other identities (CVE-2021-32739) - Don't expose IdoMysqlConnection, IdoPgsqlConnection, and ElasticsearchWriter passwords via the API (CVE-2021-32743) Depending on your setup, manual intervention beyond installing the new versions may be required, so please read the more detailed information in the release blog post carefully. * Bugfixes - Don't send downtime end notification if downtime hasn't started #8878 - Don't let a failed downtime creation block the others #8871 - Support downtimes and comments for checkables with long names #8870 - Trigger fixed downtimes immediately if the current time matches (instead of waiting for the timer) #8891 - Add configurable timeout for full connection handshake #8872 * Enhancements - Replace existing downtimes on ScheduledDowntime change #8880 - Improve crashlog #8869 Moderate CVE-2020-29663 CVE-2021-32739 CVE-2021-32743 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.12 * fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links * fixed: Folder Pane display theme fixes for macOS * fixed: Chat account settings did not always save as expected * fixed: RSS feed subscriptions sometimes lost * fixed: Calendar: A parsing error for alarm triggers of type 'DURATION' caused sync problems for some users * fixed: Various security fixes MFSA 2021-30 (bsc#1188275) * CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed * CVE-2021-29970: Use-after-free in accessibility features of a document * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12 This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1188275 CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for balsa fixes the following issues: Update to version 2.6.1 - CVE-2020-13645: fix server identity verification (boo#1172460) Moderate SUSE bug 1172460 CVE-2020-13645 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: Update to version 77.0.4054.277: - DNA-94291 Video conference popout doesnt remember its size after resizing - DNA-94399 Incorrect icon for wp.pl in address bar dropdown - DNA-94462 Low quality of default wallpaper on windows - The update to chromium 91.0.4472.164 fixes following issues: CVE-2021-30541, CVE-2021-30560, CVE-2021-30561, CVE-2021-30562, CVE-2021-30563, CVE-2021-30564 Important CVE-2021-30541 CVE-2021-30560 CVE-2021-30561 CVE-2021-30562 CVE-2021-30563 CVE-2021-30564 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.3: - CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697) - CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30720: A logic issue was addressed with improved restrictions. (bsc#1188697) - CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697) - CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697) - CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697) - CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697) - CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1188697 CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for linuxptp fixes the following issues: - CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1187646 CVE-2021-3570 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for fastjar fixes the following issues: - CVE-2010-2322: Fixed a directory traversal vulnerabilities. (bsc#1188517) This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1188517 CVE-2010-2322 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for djvulibre fixes the following issues: - CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs8 fixes the following issues: - update to npm 6.14.13 - CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. (bsc#1187976) - CVE-2021-23362: Fixed hosted-git-info Regular Expression Denial of Service. (bsc#1187977) - CVE-2020-7774: fixes y18n Prototype Pollution. (bsc#1184450) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1184450 SUSE bug 1187976 SUSE bug 1187977 CVE-2020-7774 CVE-2021-23362 CVE-2021-27290 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for virtualbox fixes the following issues: Version bump to 6.1.26 (released July 28 2021 by Oracle) This is a maintenance release. The following items were fixed and/or added: - VMSVGA: fixed VM screen artifacts after restoring from saved state (bug #20067) - Storage: Fixed audio endianness for certain CUE sheet CD/DVD images. - VBoxHeadless: Running VM will save its state on host shutdown - VBoxManage: Fix OS detection for Ubuntu 20.10 ISO with unattended install - Linux Additions: Fixed mouse pointer offsetting issue for VMSVGA graphics adapter in multi-monitor VM setup (6.1.24 regression) Version bump to 6.1.24 (released July 20 2021 by Oracle) This is a maintenance release. The following items were fixed and/or added: - Storage: Fixed starting a VM if a device is attached to a VirtIO SCSI port higher than 30 (bug #20213) - Storage: Improvement to DVD medium change signaling - Serial: Fixed a the guest missing interrupts under certain circumstances (6.0 regression, bug #18668) - Audio: Multiple fixes and enhancements - Network: Fixed connectivity issue with virtio-net after resuming VM with disconnected link - Network: Fixed UDP GSO fragmentation issue with missing 8 bytes of payload at the end of the first fragment - API: Fixed VM configuration for recent Windows Server versions - Extension Pack: Fixed issues with USB webcam pass-through on Linux - Host and guest driver: Fix small memory leak (bug #20280) - Linux host and guest: Support kernel version 5.13 (bug #20456) - Linux host and guest: Introduce support for SUSE SLES/SLED 15 SP3 kernels (bug #20396) - Linux host: Installer will not attempt to build kernel modules if system already has them installed and modules versions match current version - Guest Additions: Fixed crash on using shared clipboard (bug #19165) - Linux Guest Additions: Introduce support for Ubuntu specific kernels (bug #20325) - Solaris guest: Increased default memory and disk sizes - EFI: Support network booting with the E1000 network controller emulation - EFI: Stability improvements (bug #20090) - This release fixes boo#1188535, VUL-0: CVE-2021-2454, boo#1188536, VUL-0: CVE-2021-2409, boo#1188537, VUL-0: CVE-2021-2442, and boo#1188538, VUL-0: CVE-2021-2443. - Add vboximg-mount to packaging. boo#1188045. - Fixed CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT problem with kernel 5.13 as shown in boo#1188105. - Disable the build of kmp vboxvideo, at least temporarily. - Correct WantedBy entry in vboxadd-service - Require which for /usr/lib/virtualbox/vboxadd-service - fix license packaging, small cruft cleanup (avoid owning directories provided by filesystem rpm) Important SUSE bug 1188045 SUSE bug 1188105 SUSE bug 1188535 SUSE bug 1188536 SUSE bug 1188537 SUSE bug 1188538 CVE-2021-2409 CVE-2021-2442 CVE-2021-2443 CVE-2021-2454 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for apache-commons-compress fixes the following issues: - Updated to 1.21 - CVE-2021-35515: Fixed an infinite loop when reading a specially crafted 7Z archive. (bsc#1188463) - CVE-2021-35516: Fixed an excessive memory allocation when reading a specially crafted 7Z archive. (bsc#1188464) - CVE-2021-35517: Fixed an excessive memory allocation when reading a specially crafted TAR archive. (bsc#1188465) - CVE-2021-36090: Fixed an excessive memory allocation when reading a specially crafted ZIP archive. (bsc#1188466) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1188463 SUSE bug 1188464 SUSE bug 1188465 SUSE bug 1188466 CVE-2021-35515 CVE-2021-35516 CVE-2021-35517 CVE-2021-36090 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for wireshark fixes the following issues: Update wireshark to 3.4.6. Including a fix for: - DVB-S2-BB dissector infinite loop (bsc#1186790). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1186790 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libvirt fixes the following issues: - CVE-2021-3631: fix SELinux label generation logic (bsc#1187871) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1184253 SUSE bug 1187871 CVE-2021-3631 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for aria2 fixes the following issues: Update to version 1.35.0: * Drop SSLv3.0 and TLSv1.0 and add TLSv1.3 * TLSv1.3 support is added for GNUTLS and OpenSSL. * Platform: Fix compilation without deprecated OpenSSL APIs * Remove linux getrandom and use C++ stdlib instead * Don't send Accept Metalink header if Metalink is disabled - Move bash completion to better location Update to version 1.34.0: * UnknownLengthPieceStorage: return piece length show something in console status when downloading items with unknown content length * Fix bug that signal handler does not work with libaria2 when aria2::RUN_ONCE is passed to aria2::run(). * Retry on HTTP 502 Moderate SUSE bug 1189107 CVE-2019-3500 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mysql-connector-java fixes the following issues: - CVE-2020-2875: Unauthenticated attacker with network access via multiple protocols can compromise MySQL Connectors. (bsc#1173600) - CVE-2020-2934: Fixed a vulnerability which could cause a partial denial of service of MySQL Connectors. (bsc#1173600) - CVE-2020-2933: Fixed a vulnerability which could allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. (bsc#1173600) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1173600 CVE-2020-2875 CVE-2020-2933 CVE-2020-2934 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for php7 fixes the following issues: - CVE-2021-21704: Fixed security issues in pdo_firebase module (bsc#1188035). - CVE-2021-21705: Fixed SSRF bypass in FILTER_VALIDATE_URL (bsc#1188037). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1188035 SUSE bug 1188037 CVE-2021-21704 CVE-2021-21705 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium 92.0.4515.131 (boo#1189006) * CVE-2021-30590: Heap buffer overflow in Bookmarks * CVE-2021-30591: Use after free in File System API * CVE-2021-30592: Out of bounds write in Tab Groups * CVE-2021-30593: Out of bounds read in Tab Strip * CVE-2021-30594: Use after free in Page Info UI * CVE-2021-30596: Incorrect security UI in Navigation * CVE-2021-30597: Use after free in Browser UI Chromium 92.0.4515.107 (boo#1188590) * CVE-2021-30565: Out of bounds write in Tab Groups * CVE-2021-30566: Stack buffer overflow in Printing * CVE-2021-30567: Use after free in DevTools * CVE-2021-30568: Heap buffer overflow in WebGL * CVE-2021-30569: Use after free in sqlite * CVE-2021-30571: Insufficient policy enforcement in DevTools * CVE-2021-30572: Use after free in Autofill * CVE-2021-30573: Use after free in GPU * CVE-2021-30574: Use after free in protocol handling * CVE-2021-30575: Out of bounds read in Autofill * CVE-2021-30576: Use after free in DevTools * CVE-2021-30577: Insufficient policy enforcement in Installer * CVE-2021-30578: Uninitialized Use in Media * CVE-2021-30579: Use after free in UI framework * CVE-2021-30581: Use after free in DevTools * CVE-2021-30582: Inappropriate implementation in Animation * CVE-2021-30584: Incorrect security UI in Downloads * CVE-2021-30585: Use after free in sensor handling * CVE-2021-30588: Type Confusion in V8 * CVE-2021-30589: Insufficient validation of untrusted input in Sharing Important SUSE bug 1188590 SUSE bug 1189006 CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568 CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573 CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30577 CVE-2021-30578 CVE-2021-30579 CVE-2021-30581 CVE-2021-30582 CVE-2021-30584 CVE-2021-30585 CVE-2021-30588 CVE-2021-30589 CVE-2021-30590 CVE-2021-30591 CVE-2021-30592 CVE-2021-30593 CVE-2021-30594 CVE-2021-30596 CVE-2021-30597 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-CairoSVG, python-Pillow fixes the following issues: Update to version 2.5.1. * Security fix: When processing SVG files, CairoSVG was using two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provided a malicious SVG, it could make CairoSVG get stuck processing the file for a very long time. * Fix marker positions for unclosed paths * Follow hint when only output_width or output_height is set * Handle opacity on raster images * Don’t crash when use tags reference unknown tags * Take care of the next letter when A/a is replaced by l * Fix misalignment in node.vertices Updates for version 2.5.0. * Drop support of Python 3.5, add support of Python 3.9. * Add EPS export * Add background-color, negate-colors, and invert-images options * Improve support for font weights * Fix opacity of patterns and gradients * Support auto-start-reverse value for orient * Draw images contained in defs * Add Exif transposition support * Handle dominant-baseline * Support transform-origin python-Pillow update to version 8.3.1: * Catch OSError when checking if fp is sys.stdout #5585 [radarhere] * Handle removing orientation from alternate types of EXIF data #5584 [radarhere] * Make Image.__array__ take optional dtype argument #5572 [t-vi, radarhere] * Use snprintf instead of sprintf. CVE-2021-34552 #5567 [radarhere] * Limit TIFF strip size when saving with LibTIFF #5514 [kmilos] * Allow ICNS save on all operating systems #4526 [baletu, radarhere, newpanjing, hugovk] * De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #4989 [gofr, radarhere] * Replaced xml.etree.ElementTree #5565 [radarhere] * Moved CVE image to pillow-depends #5561 [radarhere] * Added tag data for IFD groups #5554 [radarhere] * Improved ImagePalette #5552 [radarhere] * Add DDS saving #5402 [radarhere] * Improved getxmp() #5455 [radarhere] * Convert to float for comparison with float in IFDRational __eq__ #5412 [radarhere] * Allow getexif() to access TIFF tag_v2 data #5416 [radarhere] * Read FITS image mode and size #5405 [radarhere] * Merge parallel horizontal edges in ImagingDrawPolygon #5347 [radarhere, hrdrq] * Use transparency behind first GIF frame and when disposing to background #5557 [radarhere, zewt] * Avoid unstable nature of qsort in Quant.c #5367 [radarhere] * Copy palette to new images in ImageOps expand #5551 [radarhere] * Ensure palette string matches RGB mode #5549 [radarhere] * Do not modify EXIF of original image instance in exif_transpose() #5547 [radarhere] * Fixed default numresolution for small JPEG2000 images #5540 [radarhere] * Added DDS BC5 reading #5501 [radarhere] * Raise an error if ImageDraw.textbbox is used without a TrueType font #5510 [radarhere] * Added ICO saving in BMP format #5513 [radarhere] * Ensure PNG seeks to end of previous chunk at start of load_end #5493 [radarhere] * Do not allow TIFF to seek to a past frame #5473 [radarhere] * Avoid race condition when displaying images with eog #5507 [mconst] * Added specific error messages when ink has incorrect number of bands #5504 [radarhere] * Allow converting an image to a numpy array to raise errors #5379 [radarhere] * Removed DPI rounding from BMP, JPEG, PNG and WMF loading #5476, #5470 [radarhere] * Remove spikes when drawing thin pieslices #5460 [xtsm] * Updated default value for SAMPLESPERPIXEL TIFF tag #5452 [radarhere] * Removed TIFF DPI rounding #5446 [radarhere, hugovk] * Include code in WebP error #5471 [radarhere] * Do not alter pixels outside mask when drawing text on an image with transparency #5434 [radarhere] * Reset handle when seeking backwards in TIFF #5443 [radarhere] * Replace sys.stdout with sys.stdout.buffer when saving #5437 [radarhere] * Fixed UNDEFINED TIFF tag of length 0 being changed in roundtrip #5426 [radarhere] * Fixed bug when checking FreeType2 version if it is not installed #5445 [radarhere] * Do not round dimensions when saving PDF #5459 [radarhere] * Added ImageOps contain() #5417 [radarhere, hugovk] * Changed WebP default 'method' value to 4 #5450 [radarhere] * Switched to saving 1-bit PDFs with DCTDecode #5430 [radarhere] * Use bpp from ICO header #5429 [radarhere] * Corrected JPEG APP14 transform value #5408 [radarhere] * Changed TIFF tag 33723 length to 1 #5425 [radarhere] * Changed ImageMorph incorrect mode errors to ValueError #5414 [radarhere] * Add EXIF tags specified in EXIF 2.32 #5419 [gladiusglad] * Treat previous contents of first GIF frame as transparent #5391 [radarhere] * For special image modes, revert default resize resampling to NEAREST #5411 [radarhere] * JPEG2000: Support decoding subsampled RGB and YCbCr images #4996 [nulano, radarhere] * Stop decoding BC1 punchthrough alpha in BC2&3 #4144 [jansol] * Use zero if GIF background color index is missing #5390 [radarhere] * Fixed ensuring that GIF previous frame was loaded #5386 [radarhere] * Valgrind fixes #5397 [wiredfool] * Round down the radius in rounded_rectangle #5382 [radarhere] * Fixed reading uncompressed RGB data from DDS #5383 [radarhere] update to version 8.2.0: * Added getxmp() method #5144 [UrielMaD, radarhere] * Add ImageShow support for GraphicsMagick #5349 [latosha-maltba, radarhere] * Do not load transparent pixels from subsequent GIF frames #5333 [zewt, radarhere] * Use LZW encoding when saving GIF images #5291 [raygard] * Set all transparent colors to be equal in quantize() #5282 [radarhere] * Allow PixelAccess to use Python __int__ when parsing x and y #5206 [radarhere] * Removed Image._MODEINFO #5316 [radarhere] * Add preserve_tone option to autocontrast #5350 [elejke, radarhere] * Fixed linear_gradient and radial_gradient I and F modes #5274 [radarhere] * Add support for reading TIFFs with PlanarConfiguration=2 #5364 [kkopachev, wiredfool, nulano] * Deprecated categories #5351 [radarhere] * Do not premultiply alpha when resizing with Image.NEAREST resampling #5304 [nulano] * Dynamically link FriBiDi instead of Raqm #5062 [nulano] * Allow fewer PNG palette entries than the bit depth maximum when saving #5330 [radarhere] * Use duration from info dictionary when saving WebP #5338 [radarhere] * Stop flattening EXIF IFD into getexif() #4947 [radarhere, kkopachev] * Replaced tiff_deflate with tiff_adobe_deflate compression when saving TIFF images #5343 [radarhere] * Save ICC profile from TIFF encoderinfo #5321 [radarhere] * Moved RGB fix inside ImageQt class #5268 [radarhere] * Allow alpha_composite destination to be negative #5313 [radarhere] * Ensure file is closed if it is opened by ImageQt.ImageQt #5260 [radarhere] * Added ImageDraw rounded_rectangle method #5208 [radarhere] * Added IPythonViewer #5289 [radarhere, Kipkurui-mutai] * Only draw each rectangle outline pixel once #5183 [radarhere] * Use mmap instead of built-in Win32 mapper #5224 [radarhere, cgohlke] * Handle PCX images with an odd stride #5214 [radarhere] * Only read different sizes for 'Large Thumbnail' MPO frames #5168 [radarhere] * Added PyQt6 support #5258 [radarhere] * Changed Image.open formats parameter to be case-insensitive #5250 [Piolie, radarhere] * Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02) #5216 [radarhere] * Added tk version to pilinfo #5226 [radarhere, nulano] * Support for ignoring tests when running valgrind #5150 [wiredfool, radarhere, hugovk] * OSS-Fuzz support #5189 [wiredfool, radarhere] update to 8.1.2: - Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins Update to 8.1.1 - Security * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c. * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack. * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0. There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow did not properly check the reported size of the contained image. These images could cause arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of ASU.edu. Other Changes - A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed - Fix rpmlint warning about duplicate file definition - Fix package build by relying on %python_subpackages for Obsoletes/Conflicts (boo#1181281) update to 8.1.0 (boo#1180833, boo#1180834, boo#1180832): * Fix TIFF OOB Write error. CVE-2020-35654 * Fix for Read Overflow in PCX Decoding. CVE-2020-35653 * Fix for SGI Decode buffer overrun. CVE-2020-35655 * Fix OOB Read when saving GIF of xsize=1 * Makefile updates * Add support for PySide6 * Use disposal settings from previous frame in APNG * Added exception explaining that _repr_png_ saves to PNG * Use previous disposal method in GIF load_end * Allow putpalette to accept 1024 integers to include alpha values * Fix OOB Read when writing TIFF with custom Metadata * Added append_images support for ICO * Block TIFFTAG_SUBIFD * Fixed dereferencing potential null pointers * Deprecate FreeType 2.7 * Moved warning to end of execution * Removed unused fromstring and tostring C methods * init() if one of the formats is unrecognised * Moved string_dimension CVE image to pillow-depends * Support raw rgba8888 for DDS update to version 8.0.1: * Update FreeType used in binary wheels to 2.10.4 to fix CVE-2020-15999. [radarhere] * Moved string_dimension image to pillow-depends #4993 [radarhere] changes from version 8.0.0: * Drop support for EOL Python 3.5 #4746, #4794 [hugovk, radarhere, nulano] * Drop support for PyPy3 < 7.2.0 #4964 [nulano] * Remove ImageCms.CmsProfile attributes deprecated since 3.2.0 #4768 [hugovk, radarhere] * Remove long-deprecated Image.py functions #4798 [hugovk, nulano, radarhere] * Add support for 16-bit precision JPEG quantization values #4918 [gofr] * Added reading of IFD tag type #4979 [radarhere] * Initialize offset memory for PyImagingPhotoPut #4806 [nqbit] * Fix TiffDecode comparison warnings #4756 [nulano] * Docs: Add dark mode #4968 [hugovk, nulano] * Added macOS SDK install path to library and include directories #4974 [radarhere, fxcoudert] * Imaging.h: prevent confusion with system #4923 [ax3l, ,radarhere] * Avoid using pkg_resources in PIL.features.pilinfo #4975 [nulano] * Add getlength and getbbox functions for TrueType fonts #4959 [nulano, radarhere, hugovk] * Allow tuples with one item to give single color value in getink #4927 [radarhere, nulano] * Add support for CBDT and COLR fonts #4955 [nulano, hugovk] * Removed OSError in favour of DecompressionBombError for BMP #4966 [radarhere] * Implemented another ellipse drawing algorithm #4523 [xtsm, radarhere] * Removed unused JpegImagePlugin._fixup_dict function #4957 [radarhere] * Added reading and writing of private PNG chunks #4292 [radarhere] * Implement anchor for TrueType fonts #4930 [nulano, hugovk] * Fixed bug in Exif __delitem__ #4942 [radarhere] * Fix crash in ImageTk.PhotoImage on MinGW 64-bit #4946 [nulano] * Moved CVE images to pillow-depends #4929 [radarhere] * Refactor font_getsize and font_render #4910 [nulano] * Fixed loading profile with non-ASCII path on Windows #4914 [radarhere] * Fixed effect_spread bug for zero distance #4908 [radarhere, hugovk] * Added formats parameter to Image.open #4837 [nulano, radarhere] * Added regular_polygon draw method #4846 [comhar] * Raise proper TypeError in putpixel #4882 [nulano, hugovk] * Added writing of subIFDs #4862 [radarhere] * Fix IFDRational __eq__ bug #4888 [luphord, radarhere] * Fixed duplicate variable name #4885 [liZe, radarhere] * Added homebrew zlib include directory #4842 [radarhere] * Corrected inverted PDF CMYK colors #4866 [radarhere] * Do not try to close file pointer if file pointer is empty #4823 [radarhere] * ImageOps.autocontrast: add mask parameter #4843 [navneeth, hugovk] * Read EXIF data tEXt chunk into info as bytes instead of string #4828 [radarhere] * Replaced distutils with setuptools #4797, #4809, #4814, #4817, #4829, #4890 [hugovk, radarhere] * Add MIME type to PsdImagePlugin #4788 [samamorgan] * Allow ImageOps.autocontrast to specify low and high cutoffs separately #4749 [millionhz, radarhere] update to version 7.2.0: * Do not convert I;16 images when showing PNGs #4744 [radarhere] * Fixed ICNS file pointer saving #4741 [radarhere] * Fixed loading non-RGBA mode APNGs with dispose background #4742 [radarhere] * Deprecated _showxv #4714 [radarhere] * Deprecate Image.show(command='...') #4646 [nulano, hugovk, radarhere] * Updated JPEG magic number #4707 [Cykooz, radarhere] * Change STRIPBYTECOUNTS to LONG if necessary when saving #4626 [radarhere, hugovk] * Write JFIF header when saving JPEG #4639 [radarhere] * Replaced tiff_jpeg with jpeg compression when saving TIFF images #4627 [radarhere] * Writing TIFF tags: improved BYTE, added UNDEFINED #4605 [radarhere] * Consider transparency when pasting text on an RGBA image #4566 [radarhere] * Added method argument to single frame WebP saving #4547 [radarhere] * Use ImageFileDirectory_v2 in Image.Exif #4637 [radarhere] * Corrected reading EXIF metadata without prefix #4677 [radarhere] * Fixed drawing a jointed line with a sequence of numeric values #4580 [radarhere] * Added support for 1-D NumPy arrays #4608 [radarhere] * Parse orientation from XMP tags #4560 [radarhere] * Speed up text layout by not rendering glyphs #4652 [nulano] * Fixed ZeroDivisionError in Image.thumbnail #4625 [radarhere] * Replaced TiffImagePlugin DEBUG with logging #4550 [radarhere] * Fix repeatedly loading .gbr #4620 [ElinksFr, radarhere] * JPEG: Truncate icclist instead of setting to None #4613 [homm] * Fixes default offset for Exif #4594 [rodrigob, radarhere] * Fixed bug when unpickling TIFF images #4565 [radarhere] * Fix pickling WebP #4561 [hugovk, radarhere] * Replace IOError and WindowsError aliases with OSError #4536 [hugovk, radarhere] Update to 7.1.2: * This fixes a regression introduced in 7.1.0 when adding support for APNG files. * When calling seek(n) on a regular PNG where n > 0, it failed to raise an EOFError as it should have done update to version 7.1.1: * Fix regression seeking and telling PNGs #4512 #4514 [hugovk, radarhere] changes from version 7.1.0: * Fix multiple OOB reads in FLI decoding #4503 [wiredfool] * Fix buffer overflow in SGI-RLE decoding #4504 [wiredfool, hugovk] * Fix bounds overflow in JPEG 2000 decoding #4505 [wiredfool] * Fix bounds overflow in PCX decoding #4506 [wiredfool] * Fix 2 buffer overflows in TIFF decoding #4507 [wiredfool] * Add APNG support #4243 [pmrowla, radarhere, hugovk] * ImageGrab.grab() for Linux with XCB #4260 [nulano, radarhere] * Added three new channel operations #4230 [dwastberg, radarhere] * Prevent masking of Image reduce method in Jpeg2KImagePlugin #4474 [radarhere, homm] * Added reading of earlier ImageMagick PNG EXIF data #4471 [radarhere] * Fixed endian handling for I;16 getextrema #4457 [radarhere] * Release buffer if function returns prematurely #4381 [radarhere] * Add JPEG comment to info dictionary #4455 [radarhere] * Fix size calculation of Image.thumbnail() #4404 [orlnub123] * Fixed stroke on FreeType < 2.9 #4401 [radarhere] * If present, only use alpha channel for bounding box #4454 [radarhere] * Warn if an unknown feature is passed to features.check() #4438 [jdufresne] * Fix Name field length when saving IM images #4424 [hugovk, radarhere] * Allow saving of zero quality JPEG images #4440 [radarhere] * Allow explicit zero width to hide outline #4334 [radarhere] * Change ContainerIO return type to match file object mode #4297 [jdufresne, radarhere] * Only draw each polygon pixel once #4333 [radarhere] * Add support for shooting situation Exif IFD tags #4398 [alexagv] * Handle multiple and malformed JPEG APP13 markers #4370 [homm] * Depends: Update libwebp to 1.1.0 #4342, libjpeg to 9d #4352 [radarhere] update to version 7.0.0: * Drop support for EOL Python 2.7 #4109 [hugovk, radarhere, jdufresne] * Fix rounding error on RGB to L conversion #4320 [homm] * Exif writing fixes: Rational boundaries and signed/unsigned types #3980 [kkopachev, radarhere] * Allow loading of WMF images at a given DPI #4311 [radarhere] * Added reduce operation #4251 [homm] * Raise ValueError for io.StringIO in Image.open #4302 [radarhere, hugovk] * Fix thumbnail geometry when DCT scaling is used #4231 [homm, radarhere] * Use default DPI when exif provides invalid x_resolution #4147 [beipang2, radarhere] * Change default resize resampling filter from NEAREST to BICUBIC #4255 [homm] * Fixed black lines on upscaled images with the BOX filter #4278 [homm] * Better thumbnail aspect ratio preservation #4256 [homm] * Add La mode packing and unpacking #4248 [homm] * Include tests in coverage reports #4173 [hugovk] * Handle broken Photoshop data #4239 [radarhere] * Raise a specific exception if no data is found for an MPO frame #4240 [radarhere] * Fix Unicode support for PyPy #4145 [nulano] * Added UnidentifiedImageError #4182 [radarhere, hugovk] * Remove deprecated __version__ from plugins #4197 [hugovk, radarhere] * Fixed freeing unallocated pointer when resizing with height too large #4116 [radarhere] * Copy info in Image.transform #4128 [radarhere] * Corrected DdsImagePlugin setting info gamma #4171 [radarhere] * Depends: Update libtiff to 4.1.0 #4195, Tk Tcl to 8.6.10 #4229, libimagequant to 2.12.6 #4318 [radarhere] * Improve handling of file resources #3577 [jdufresne] * Removed CI testing of Fedora 29 #4165 [hugovk] * Added pypy3 to tox envlist #4137 [jdufresne] * Drop support for EOL PyQt4 and PySide #4108 [hugovk, radarhere] * Removed deprecated setting of TIFF image sizes #4114 [radarhere] * Removed deprecated PILLOW_VERSION #4107 [hugovk] * Changed default frombuffer raw decoder args #1730 [radarhere] Update to 6.2.1: * Pillow 6.2.1 supports Python 3.8. Update to 6.2.0: * text stroking * image grab on multi-monitor windows * Full notes: https://pillow.readthedocs.io/en/stable/releasenotes/6.2.0.html update to version 6.1.0: * Deprecate Image.__del__ #3929 [jdufresne] * Tiff: Add support for JPEG quality #3886 [olt] * Respect the PKG_CONFIG environment variable when building #3928 [chewi] * Use explicit memcpy() to avoid unaligned memory accesses #3225 [DerDakon] * Improve encoding of TIFF tags #3861 [olt] * Update Py_UNICODE to Py_UCS4 #3780 [nulano] * Consider I;16 pixel size when drawing #3899 [radarhere] * Add TIFFTAG_SAMPLEFORMAT to blocklist #3926 [cgohlke, radarhere] * Create GIF deltas from background colour of GIF frames if disposal mode is 2 #3708 [sircinnamon, radarhere] * Added ImageSequence all_frames #3778 [radarhere] * Use unsigned int to store TIFF IFD offsets #3923 [cgohlke] * Include CPPFLAGS when searching for libraries #3819 [jefferyto] * Updated TIFF tile descriptors to match current decoding functionality #3795 [dmnisson] * Added an image.entropy() method (second revision) #3608 [fish2000] * Pass the correct types to PyArg_ParseTuple #3880 [QuLogic] * Fixed crash when loading non-font bytes #3912 [radarhere] * Fix SPARC memory alignment issues in Pack/Unpack functions #3858 [kulikjak] * Added CMYK;16B and CMYK;16N unpackers #3913 [radarhere] * Fixed bugs in calculating text size #3864 [radarhere] * Add __main__.py to output basic format and support information #3870 [jdufresne] * Added variation font support #3802 [radarhere] * Do not down-convert if image is LA when showing with PNG format #3869 [radarhere] * Improve handling of PSD frames #3759 [radarhere] * Improved ICO and ICNS loading #3897 [radarhere] * Changed Preview application path so that it is no longer static #3896 [radarhere] * Corrected ttb text positioning #3856 [radarhere] * Handle unexpected ICO image sizes #3836 [radarhere] * Fixed bits value for RGB;16N unpackers #3837 [kkopachev] * Travis CI: Add Fedora 30, remove Fedora 28 #3821 [hugovk] * Added reading of CMYK;16L TIFF images #3817 [radarhere] * Fixed dimensions of 1-bit PDFs #3827 [radarhere] * Fixed opening mmap image through Path on Windows #3825 [radarhere] * Fixed ImageDraw arc gaps #3824 [radarhere] * Expand GIF to include frames with extents outside the image size #3822 [radarhere] * Fixed ImageTk getimage #3814 [radarhere] * Fixed bug in decoding large images #3791 [radarhere] * Fixed reading APP13 marker without Photoshop data #3771 [radarhere] * Added option to include layered windows in ImageGrab.grab on Windows #3808 [radarhere] * Detect libimagequant when installed by pacman on MingW #3812 [radarhere] * Fixed raqm layout bug #3787 [radarhere] * Fixed loading font with non-Unicode path on Windows #3785 [radarhere] * Travis CI: Upgrade PyPy from 6.0.0 to 7.1.1 #3783 [hugovk, johnthagen] * Depends: Updated openjpeg to 2.3.1 #3794, raqm to 0.7.0 #3877, libimagequant to 2.12.3 #3889 [radarhere] * Fix numpy bool bug #3790 [radarhere] Update to 6.0.0: * Python 2.7 support will be removed in Pillow 7.0.0 #3682 [hugovk] * Add EXIF class #3625 [radarhere] * Add ImageOps exif_transpose method #3687 [radarhere] * Added warnings to deprecated CMSProfile attributes #3615 [hugovk] * Documented reading TIFF multiframe images #3720 [akuchling] * Improved speed of opening an MPO file #3658 [Glandos] * Update palette in quantize #3721 [radarhere] * Improvements to TIFF is_animated and n_frames #3714 [radarhere] * Fixed incompatible pointer type warnings #3754 [radarhere] * Improvements to PA and LA conversion and palette operations #3728 [radarhere] * Consistent DPI rounding #3709 [radarhere] * Change size of MPO image to match frame #3588 [radarhere] * Read Photoshop resolution data #3701 [radarhere] * Ensure image is mutable before saving #3724 [radarhere] * Correct remap_palette documentation #3740 [radarhere] * Promote P images to PA in putalpha #3726 [radarhere] * Allow RGB and RGBA values for new P images #3719 [radarhere] * Fixed TIFF bug when seeking backwards and then forwards #3713 [radarhere] * Cache EXIF information #3498 [Glandos] * Added transparency for all PNG greyscale modes #3744 [radarhere] * Fix deprecation warnings in Python 3.8 #3749 [radarhere] * Fixed GIF bug when rewinding to a non-zero frame #3716 [radarhere] * Only close original fp in __del__ and __exit__ if original fp is exclusive #3683 [radarhere] * Fix BytesWarning in Tests/test_numpy.py #3725 [jdufresne] * Add missing MIME types and extensions #3520 [pirate486743186] * Add I;16 PNG save #3566 [radarhere] * Add support for BMP RGBA bitfield compression #3705 [radarhere] * Added ability to set language for text rendering #3693 [iwsfutcmd] * Only close exclusive fp on Image __exit__ #3698 [radarhere] * Changed EPS subprocess stdout from devnull to None #3635 [radarhere] * Add reading old-JPEG compressed TIFFs #3489 [kkopachev] * Add EXIF support for PNG #3674 [radarhere] * Add option to set dither param on quantize #3699 [glasnt] * Add reading of DDS uncompressed RGB data #3673 [radarhere] * Correct length of Tiff BYTE tags #3672 [radarhere] * Add DIB saving and loading through Image open #3691 [radarhere] * Removed deprecated VERSION #3624 [hugovk] * Fix 'BytesWarning: Comparison between bytes and string' in PdfDict #3580 [jdufresne] * Do not resize in Image.thumbnail if already the destination size #3632 [radarhere] * Replace .seek() magic numbers with io.SEEK_* constants #3572 [jdufresne] * Make ContainerIO.isatty() return a bool, not int #3568 [jdufresne] * Add support to all transpose operations for I;16 modes #3563, #3741 [radarhere] * Deprecate support for PyQt4 and PySide #3655 [hugovk, radarhere] * Add TIFF compression codecs: LZMA, Zstd, WebP #3555 [cgohlke] * Fixed pickling of iTXt class with protocol > 1 #3537 [radarhere] * _util.isPath returns True for pathlib.Path objects #3616 [wbadart] * Remove unnecessary unittest.main() boilerplate from test files #3631 [jdufresne] * Exif: Seek to IFD offset #3584 [radarhere] * Deprecate PIL.*ImagePlugin.__version__ attributes #3628 [jdufresne] * Docs: Add note about ImageDraw operations that exceed image bounds #3620 [radarhere] * Allow for unknown PNG chunks after image data #3558 [radarhere] * Changed EPS subprocess stdin from devnull to None #3611 [radarhere] * Fix possible integer overflow #3609 [cgohlke] * Catch BaseException for resource cleanup handlers #3574 [jdufresne] * Improve pytest configuration to allow specific tests as CLI args #3579 [jdufresne] * Drop support for Python 3.4 #3596 [hugovk] * Remove deprecated PIL.OleFileIO #3598 [hugovk] * Remove deprecated ImageOps undocumented functions #3599 [hugovk] * Depends: Update libwebp to 1.0.2 #3602 [radarhere] * Detect MIME types #3525 [radarhere] update to version 5.4.1: * File closing: Only close __fp if not fp #3540 [radarhere] * Fix build for Termux #3529 [pslacerda] * PNG: Detect MIME types #3525 [radarhere] * PNG: Handle IDAT chunks after image end #3532 [radarhere] changes from version 5.4.0: * Docs: Improved ImageChops documentation #3522 [radarhere] * Allow RGB and RGBA values for P image putpixel #3519 [radarhere] * Add APNG extension to PNG plugin #3501 [pirate486743186, radarhere] * Lookup ld.so.cache instead of hardcoding search paths #3245 [pslacerda] * Added custom string TIFF tags #3513 [radarhere] * Improve setup.py configuration #3395 [diorcety] * Read textual chunks located after IDAT chunks for PNG #3506 [radarhere] * Performance: Don't try to hash value if enum is empty #3503 [Glandos] * Added custom int and float TIFF tags #3350 [radarhere] * Fixes for issues reported by static code analysis #3393 [frenzymadness] * GIF: Wait until mode is normalized to copy im.info into encoderinfo #3187 [radarhere] * Docs: Add page of deprecations and removals #3486 [hugovk] * Travis CI: Upgrade PyPy from 5.8.0 to 6.0 #3488 [hugovk] * Travis CI: Allow lint job to fail #3467 [hugovk] * Resolve __fp when closing and deleting #3261 [radarhere] * Close exclusive fp before discarding #3461 [radarhere] * Updated open files documentation #3490 [radarhere] * Added libjpeg_turbo to check_feature #3493 [radarhere] * Change color table index background to tuple when saving as WebP #3471 [radarhere] * Allow arbitrary number of comment extension subblocks #3479 [radarhere] * Ensure previous FLI frame is loaded before seeking to the next #3478 [radarhere] * ImageShow improvements #3450 [radarhere] * Depends: Update libimagequant to 2.12.2 #3442, libtiff to 4.0.10 #3458, libwebp to 1.0.1 #3468, Tk Tcl to 8.6.9 #3465 [radarhere] * Check quality_layers type #3464 [radarhere] * Add context manager, __del__ and close methods to TarIO #3455 [radarhere] * Test: Do not play sound when running screencapture command #3454 [radarhere] * Close exclusive fp on open exception #3456 [radarhere] * Only close existing fp in WebP if fp is exclusive #3418 [radarhere] * Docs: Re-add the downloads badge #3443 [hugovk] * Added negative index to PixelAccess #3406 [Nazime] * Change tuple background to global color table index when saving as GIF #3385 [radarhere] * Test: Improved ImageGrab tests #3424 [radarhere] * Flake8 fixes #3422, #3440 [radarhere, hugovk] * Only ask for YCbCr->RGB libtiff conversion for jpeg-compressed tiffs #3417 [kkopachev] * Optimise ImageOps.fit by combining resize and crop #3409 [homm] update to version 5.3.0: * Changed Image size property to be read-only by default #3203 [radarhere] * Add warnings if image file identification fails due to lack of WebP support #3169 [radarhere, hugovk] * Hide the Ghostscript progress dialog popup on Windows #3378 [hugovk] * Adding support to reading tiled and YcbCr jpeg tiffs through libtiff #3227 [kkopachev] * Fixed None as TIFF compression argument #3310 [radarhere] * Changed GIF seek to remove previous info items #3324 [radarhere] * Improved PDF document info #3274 [radarhere] * Add line width parameter to rectangle and ellipse-based shapes #3094 [hugovk, radarhere] * Fixed decompression bomb check in _crop #3313 [dinkolubina, hugovk] * Added support to ImageDraw.floodfill for non-RGB colors #3377 [radarhere] * Tests: Avoid catching unexpected exceptions in tests #2203 [jdufresne] * Use TextIOWrapper.detach() instead of NoCloseStream #2214 [jdufresne] * Added transparency to matrix conversion #3205 [radarhere] * Added ImageOps pad method #3364 [radarhere] * Give correct extrema for I;16 format images #3359 [bz2] * Added PySide2 #3279 [radarhere] * Corrected TIFF tags #3369 [radarhere] * CI: Install CFFI and pycparser without any PYTHONOPTIMIZE #3374 [hugovk] * Read/Save RGB webp as RGB (instead of RGBX) #3298 [kkopachev] * ImageDraw: Add line joints #3250 [radarhere] * Improved performance of ImageDraw floodfill method #3294 [yo1995] * Fix builds with --parallel #3272 [hsoft] * Add more raw Tiff modes (RGBaX, RGBaXX, RGBAX, RGBAXX) #3335 [homm] * Close existing WebP fp before setting new fp #3341 [radarhere] * Add orientation, compression and id_section as TGA save keyword arguments #3327 [radarhere] * Convert int values of RATIONAL TIFF tags to floats #3338 [radarhere, wiredfool] * Fix code for PYTHONOPTIMIZE #3233 [hugovk] * Changed ImageFilter.Kernel to subclass ImageFilter.BuiltinFilter, instead of the other way around #3273 [radarhere] * Remove unused draw.draw_line, draw.draw_point and font.getabc methods #3232 [hugovk] * Tests: Added ImageFilter tests #3295 [radarhere] * Tests: Added ImageChops tests #3230 [hugovk, radarhere] * AppVeyor: Download lib if not present in pillow-depends #3316 [radarhere] * Travis CI: Add Python 3.7 and Xenial #3234 [hugovk] * Docs: Added documentation for NumPy conversion #3301 [radarhere] * Depends: Update libimagequant to 2.12.1 #3281 [radarhere] * Add three-color support to ImageOps.colorize #3242 [tsennott] * Tests: Add LA to TGA test modes #3222 [danpla] * Skip outline if the draw operation fills with the same colour #2922 [radarhere] * Flake8 fixes #3173, #3380 [radarhere] * Avoid deprecated 'U' mode when opening files #2187 [jdufresne] update to version 5.2.0: * Fixed saving a multiframe image as a single frame PDF #3137 [radarhere] * If a Qt version is already imported, attempt to use it first #3143 [radarhere] * Fix transform fill color for alpha images #3147 [fozcode] * TGA: Add support for writing RLE data #3186 [danpla] * TGA: Read and write LA data #3178 [danpla] * QuantOctree.c: Remove erroneous attempt to average over an empty range #3196 [tkoeppe] * Changed ICNS format tests to pass on OS X 10.11 #3202 [radarhere] * Fixed bug in ImageDraw.multiline_textsize() #3114 [tianyu139] * Added getsize_multiline support for PIL.ImageFont #3113 [tianyu139] * Added ImageFile get_format_mimetype method #3190 [radarhere] * Changed mmap file pointer to use context manager #3216 [radarhere] * Changed ellipse point calculations to be more evenly distributed #3142 [radarhere] * Only extract first Exif segment #2946 [hugovk] * Tests: Test ImageDraw2, WalImageFile #3135, #2989 [hugovk] * Remove unnecessary '#if 0' code #3075 [hugovk] * Tests: Added GD tests #1817 [radarhere] * Fix collections ABCs DeprecationWarning in Python 3.7 #3123 [hugovk] * unpack_from is faster than unpack of slice #3201 [landfillbaby] * Docs: Add coordinate system links and file handling links in documentation #3204, #3214 [radarhere] * Tests: TestFilePng: Fix test_save_l_transparency() #3182 [danpla] * Docs: Correct argument name #3171 [radarhere] * Docs: Update CMake download URL #3166 [radarhere] * Docs: Improve Image.transform documentation #3164 [radarhere] * Fix transform fillcolor argument when image mode is RGBA or LA #3163 [radarhere] * Tests: More specific Exception testing #3158 [radarhere] * Add getrgb HSB/HSV color strings #3148 [radarhere] * Allow float values in getrgb HSL color string #3146 [radarhere] * AppVeyor: Upgrade to Python 2.7.15 and 3.4.4 #3140 [radarhere] * AppVeyor: Upgrade to PyPy 6.0.0 #3133 [hugovk] * Deprecate PILLOW_VERSION and VERSION #3090 [hugovk] * Support Python 3.7 #3076 [hugovk] * Depends: Update freetype to 2.9.1, libjpeg to 9c, libwebp to 1.0.0 #3121, #3136, #3108 [radarhere] * Build macOS wheels with Xcode 6.4, supporting older macOS versions #3068 [wiredfool] * Fix _i2f compilation on some GCC versions #3067 [homm] * Changed encoderinfo to have priority over info when saving GIF images #3086 [radarhere] * Rename PIL.version to PIL._version and remove it from module #3083 [homm] * Enable background colour parameter on rotate #3057 [storesource] * Remove unnecessary #if 1 directive #3072 [jdufresne] * Remove unused Python class, Path #3070 [jdufresne] * Fix dereferencing type-punned pointer will break strict-aliasing #3069 [jdufresne] update to version 5.1.0: * Close fp before return in ImagingSavePPM #3061 [kathryndavies] * Added documentation for ICNS append_images #3051 [radarhere] * Docs: Move intro text below its header #3021 [hugovk] * CI: Rename appveyor.yml as .appveyor.yml #2978 [hugovk] * Fix TypeError for JPEG2000 parser feed #3042 [hugovk] * Certain corrupted jpegs can result in no data read #3023 [kkopachev] * Add support for BLP file format #3007 [jleclanche] * Simplify version checks #2998 [hugovk] * Fix 'invalid escape sequence' warning on Python 3.6+ #2996 [timgraham] * Allow append_images to set .icns scaled images #3005 [radarhere] * Support appending to existing PDFs #2965 [vashek] * Fix and improve efficient saving of ICNS on macOS #3004 [radarhere] * Build: Enable pip cache in AppVeyor build #3009 [thijstriemstra] * Trim trailing whitespace #2985 [Metallicow] * Docs: Correct reference to Image.new method #3000 [radarhere] * Rearrange ImageFilter classes into alphabetical order #2990 [radarhere] * Test: Remove duplicate line #2983 [radarhere] * Build: Update AppVeyor PyPy version #3003 [radarhere] * Tiff: Open 8 bit Tiffs with 5 or 6 channels, discarding extra channels #2938 [homm] * Readme: Added Twitter badge #2930 [hugovk] * Removed __main__ code from ImageCms #2942 [radarhere] * Test: Changed assert statements to unittest calls #2961 [radarhere] * Depends: Update libimagequant to 2.11.10, raqm to 0.5.0, freetype to 2.9 #3036, #3017, #2957 [radarhere] * Remove _imaging.crc32 in favor of builtin Python crc32 implementation #2935 [wiredfool] * Move Tk directory to src directory #2928 [hugovk] * Enable pip cache in Travis CI #2933 [jdufresne] * Remove unused and duplicate imports #2927 [radarhere] * Docs: Changed documentation references to 2.x to 2.7 #2921 [radarhere] * Fix memory leak when opening webp files #2974 [wiredfool] * Setup: Fix 'TypeError: 'NoneType' object is not iterable' for PPC and CRUX #2951 [hugovk] * Setup: Add libdirs for ppc64le and armv7l #2968 [nehaljwani] Moderate SUSE bug 1180832 SUSE bug 1180833 SUSE bug 1180834 SUSE bug 1181281 CVE-2020-15999 CVE-2020-35653 CVE-2020-35654 CVE-2020-35655 CVE-2021-25289 CVE-2021-25290 CVE-2021-25291 CVE-2021-25292 CVE-2021-25293 CVE-2021-27921 CVE-2021-27922 CVE-2021-27923 CVE-2021-34552 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3679: A lack of CPU resource in the Linux kernel tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3659: Fix general protection fault via NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-37576: arch/powerpc/kvm/book3s_rtas.c on the powerpc platform allowed KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e (bnc#1188838 bnc#1188842). - CVE-2021-22543: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bnc#1186482). - CVE-2021-21781: A SIGPAGE information disclosure vulnerability on ARM was fixed (bsc#1188445). The following non-security bugs were fixed: - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: do not disable an already disabled PCI device (git-fixes). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - cadence: force nonlinear buffers to be cloned (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: Fix preauth hash corruption (git-fixes). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - Drop media rtl28xxu fix patch (bsc#1188683) - e1000e: Check the PCIm state (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773). - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - Move upstreamed patches to sorted section - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - mt76: mt7615: increase MCU command timeout (git-fixes). - mt76: set dma-done flag for flushed descriptors (git-fixes). - mvpp2: suppress warning (git-fixes). - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - net: marvell: Fix OF_MDIO config check (git-fixes). - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - net/mlx5: Properly convey driver version to firmware (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - nfc: nfcsim: fix use after free during module unload (git-fixes). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395). - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Do not disable clocks at device remove time (git-fixes). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746). - rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747). - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - replaced with upstream security mitigation cleanup - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). - Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes). - Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes). - Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes). - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - sfp: Fix error handing in sfp_probe() (git-fixes). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - Update patches.suse/ibmvnic-account-for-bufs-already-saved-in-indir_buf.patch (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 bsc#1188620 ltc#192221). - Update patches.suse/ibmvnic-free-tx_pool-if-tso_pool-alloc-fails.patch (bsc#1085224 ltc#164363 bsc#1188620 ltc#192221). - Update patches.suse/ibmvnic-parenthesize-a-check.patch (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes bsc#1188620 ltc#192221). - Update patches.suse/ibmvnic-set-ltb-buff-to-NULL-after-freeing.patch (bsc#1094840 ltc#167098 bsc#1188620 ltc#192221). - Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch (bsc#1065729 bsc#1188405 ltc#193509 bsc#1187476 ltc#193646). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - xen/events: reset active flag for lateeoi events later (git-fixes). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - xhci: Fix lost USB 2 remote wake (git-fixes). Important SUSE bug 1065729 SUSE bug 1085224 SUSE bug 1094840 SUSE bug 1113295 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1179243 SUSE bug 1183871 SUSE bug 1184114 SUSE bug 1184350 SUSE bug 1184631 SUSE bug 1185377 SUSE bug 1185902 SUSE bug 1186194 SUSE bug 1186264 SUSE bug 1186482 SUSE bug 1187476 SUSE bug 1188101 SUSE bug 1188405 SUSE bug 1188445 SUSE bug 1188504 SUSE bug 1188620 SUSE bug 1188683 SUSE bug 1188746 SUSE bug 1188747 SUSE bug 1188748 SUSE bug 1188770 SUSE bug 1188771 SUSE bug 1188772 SUSE bug 1188773 SUSE bug 1188774 SUSE bug 1188777 SUSE bug 1188780 SUSE bug 1188781 SUSE bug 1188782 SUSE bug 1188783 SUSE bug 1188784 SUSE bug 1188786 SUSE bug 1188787 SUSE bug 1188788 SUSE bug 1188790 SUSE bug 1188838 SUSE bug 1188842 SUSE bug 1188876 SUSE bug 1188885 SUSE bug 1188973 SUSE bug 1189021 SUSE bug 1189057 SUSE bug 1189077 SUSE bug 802154 CVE-2021-21781 CVE-2021-22543 CVE-2021-3659 CVE-2021-3679 CVE-2021-37576 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for transfig fixes the following issues: Update to version 3.2.8, including fixes for - CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef() (bsc#1186329). - CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19555: stack-based buffer overflow because of an incorrect sscanf (bsc#1161698). - CVE-2019-19746: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130). - CVE-2019-14275: stack-based buffer overflow in the calc_arrow function in bound.c (bsc#1143650). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1143650 SUSE bug 1159130 SUSE bug 1159293 SUSE bug 1161698 SUSE bug 1186329 CVE-2019-14275 CVE-2019-19555 CVE-2019-19746 CVE-2019-19797 CVE-2021-3561 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-reportlab fixes the following issues: - CVE-2020-28463: Fixed Server-side Request Forgery via img tags (bsc#1182503). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1182503 CVE-2020-28463 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for grafana fixes the following issues: - CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call (bsc#1183803) - Update to version 7.5.7: * Updated relref to 'Configuring exemplars' section (#34240) (#34243) * Added exemplar topic (#34147) (#34226) * Quota: Do not count folders towards dashboard quota (#32519) (#34025) * Instructions to separate emails with semicolons (#32499) (#34138) * Docs: Remove documentation of v8 generic OAuth feature (#34018) * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975) * [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935) * ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936) * Stop hoisting @icons/material (#33922) * Chore: fix react-color version in yarn.lock (#33914) * 'Release: Updated versions in package to 7.5.6' (#33909) * Loki: fix label browser crashing when + typed (#33900) (#33901) * Document `hide_version` flag (#33670) (#33881) * Add isolation level db configuration parameter (#33830) (#33878) * Sanitize PromLink button (#33874) (#33876) * Removed content as per MarcusE's suggestion in https://github.com/grafana/grafana/issues/33822. (#33870) (#33872) * Docs feedback: /administration/provisioning.md (#33804) (#33842) * Docs: delete from high availability docs references to removed configurations related to session storage (#33827) (#33851) * Docs: Update _index.md (#33797) (#33799) * Docs: Update installation.md (#33656) (#33703) * GraphNG: uPlot 1.6.9 (#33598) (#33612) * dont consider invalid email address a failed email (#33671) (#33681) * InfluxDB: Improve measurement-autocomplete behavior in query editor (#33494) (#33625) * add template for dashboard url parameters (#33549) (#33588) * Add note to Snapshot API doc to specify that user has to provide the entire dashboard model (#33572) (#33586) * Update team.md (#33454) (#33536) * Removed duplicate file 'dashboard_folder_permissions.md (#33497) * Document customQueryParameters for prometheus datasource provisioning (#33440) (#33495) * ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473) (#33492) * Documentation: Update developer-guide.md (#33478) (#33490) * add closed parenthesis to fix a hyperlink (#33471) (#33481) - Update to version 7.5.5: * 'Release: Updated versions in package to 7.5.5' (#33469) * GraphNG: Fix exemplars window position (#33427) (#33462) * Remove field limitation from slack notification (#33113) (#33455) * Prometheus: Support POST in template variables (#33321) (#33441) * Instrumentation: Add success rate metrics for email notifications (#33359) (#33409) * Use either moment objects (for absolute times in the datepicker) or string (for relative time) (#33315) (#33406) * Docs: Removed type from find annotations example. (#33399) (#33403) * [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus (#33255) * Updated label for add panel. (#33285) (#33286) * Bug: Add git to Dockerfile.ubuntu (#33247) (#33248) * Docs: Sync latest master docs with 7.5.x (#33156) * Docs: Update getting-started-influxdb.md (#33234) (#33241) * Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239) * Minor Changes in Auditing.md (#31435) (#33238) * Docs: Add license check endpoint doc (#32987) (#33236) * Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second (#33153) (#33219) * Docs: InfluxDB doc improvements (#32815) (#33185) * [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031) * update cla (#33181) * Fix inefficient regular expression (#33155) (#33159) * Auth: Don't clear auth token cookie when lookup token fails (#32999) (#33136) * Elasticsearch: Add documentation for supported Elasticsearch query transformations (#33072) (#33128) * Update team.md (#33060) (#33084) * GE issue 1268 (#33049) (#33081) * Fixed some formatting issues for PRs from yesterday. (#33078) (#33079) * Explore: Load default data source in Explore when the provided source does not exist (#32992) (#33061) * Docs: Replace next with latest in aliases (#33054) (#33059) * Added missing link item. (#33052) (#33055) * Backport 33034 (#33038) * Docs: Backport 32916 to v7.5x (#33008) * ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973) (#32998) * Elasticsearch: Force re-rendering of each editor row type change (#32993) (#32996) * Docs: Sync release branch with latest docs (#32986) - Update to version 7.5.4: * 'Release: Updated versions in package to 7.5.4' (#32971) * fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967) * Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968) * fix sqlite3 tx retry condition operator precedence (#32897) (#32952) * AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947) * Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945) * GraphNG: uPlot 1.6.8 (#32859) (#32863) * Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844) * Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804) * [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758) * TablePanel: Makes sorting case-insensitive (#32435) (#32752) - Update to version 7.5.3: * 'Release: Updated versions in package to 7.5.3' (#32745) * FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741) * Loki: Remove empty annotations tags (#32359) (#32490) * SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739) * Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726) * Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714) * Variables: Confirms selection before opening new picker (#32586) (#32710) * CloudWarch: Fix service quotas link (#32686) (#32689) * Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598) * chore: bump execa to v2.1.0 (#32543) (#32592) * Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558) * Fix broken gtime tests (#32582) (#32587) * resolve conflicts (#32567) * gtime: Make ParseInterval deterministic (#32539) (#32560) * Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535) * TextboxVariable: Limits the length of the preview value (#32472) (#32530) * AdHocVariable: Adds default data source (#32470) (#32476) * Variables: Fixes Unsupported data format error for null values (#32480) (#32487) * Prometheus: align exemplars check to latest api change (#32513) (#32515) * 'Release: Updated versions in package to 7.5.2' (#32502) * SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488) * Set spanNulls to default (#32471) (#32486) * Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442) * API: Return 409 on datasource version conflict (#32425) (#32433) * API: Return 400 on invalid Annotation requests (#32429) (#32431) * Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424) * Table: Fixes so links work for image cells (#32370) (#32410) * Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394) * DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395) * API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397) * 'Release: Updated versions in package to 7.5.1' (#32362) * MSSQL: Upgrade go-mssqldb (#32347) (#32361) * GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348) * 'Release: Updated versions in package to 7.5.0' (#32308) * Loki: Fix text search in Label browser (#32293) (#32306) * Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299) * PieChartV2: Add migration from old piechart (#32259) (#32291) * LibraryPanels: Adds Type and Description to DB (#32258) (#32288) * LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284) * Library Panels: Add 'Discard' button to panel save modal (#31647) (#32281) * LibraryPanels: Changes to non readonly reducer (#32193) (#32200) * Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262) * SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102) * DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247) * Logs: If log message missing, use empty string (#32080) (#32243) * CloudWatch: Use latest version of aws sdk (#32217) (#32223) * Release: Updated versions in package to 7.5.0-beta.2 (#32158) * HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154) * GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151) * Fix loading timezone info on windows (#32029) (#32149) * SQLStore: Close session in withDbSession (#31775) (#32108) * Remove datalink template suggestions for accessing specific fields when there are multiple dataframes. (#32057) (#32148) * GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125) * MixedDataSource: Name is updated when data source variable changes (#32090) (#32144) * Backport 32005 to v7.5.x #32128 (#32130) * Loki: Label browser UI updates (#31737) (#32119) * ValueMappings: Fixes value 0 not being mapped (#31924) (#31929) * GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103) * LibraryPanels: Improves the Get All experience (#32028) (#32093) * Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032) * Exemplars: always query exemplars (#31673) (#32024) * [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055) * Chore: Collect elasticsearch version usage stats (#31787) (#32063) * Chore: Tidy up Go deps (#32053) * GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066) * Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060) * [v7.5.x] Auth: Allow soft token revocation (#32037) * Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036) * Make master green (#32011) (#32015) * Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982) * Variables: Fixes filtering in picker with null items (#31979) (#31995) * TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003) * Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987) * Loki: Fix type errors in language_provider (#31902) (#31945) * PanelInspect: Interpolates variables in CSV file name (#31936) (#31977) * Cloudwatch: use shared library for aws auth (#29550) (#31946) * Tooltip: partial perf improvement (#31774) (#31837) (#31957) * Backport 31913 to v7.5.x (#31955) * Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938) * Variables: Do not reset description on variable type change (#31933) (#31939) * [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894) * Elasticseach: Support histogram fields (#29079) (#31914) * Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896) * Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891) * Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801) * [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882) * Run go mod tidy to update go.mod and go.sum (#31859) * Grafana/ui: display all selected levels for Cascader (#31729) (#31862) * CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861) * Cloudwatch: ListMetrics API page limit (#31788) (#31851) * Remove invalid attribute (#31848) (#31850) * CloudWatch: Restrict auth provider and assume role usage according to… (#31845) * CloudWatch: Add support for EC2 IAM role (#31804) (#31841) * Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819) * Variables: Improves inspection performance and unknown filtering (#31811) (#31813) * Change piechart plugin state to beta (#31797) (#31798) * ReduceTransform: Include series with numeric string names (#31763) (#31794) * Annotations: Make the annotation clean up batch size configurable (#31487) (#31769) * Fix escaping in ANSI and dynamic button removal (#31731) (#31767) * DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718) * log skipped, performed and duration for migrations (#31722) (#31754) * Search: Make items more compact (#31734) (#31750) * loki_datasource: add documentation to label_format and line_format (#31710) (#31746) * Tempo: Convert tempo to backend data source2 (#31733) * Elasticsearch: Fix script fields in query editor (#31681) (#31727) * Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717) * Admin: Keeps expired api keys visible in table after delete (#31636) (#31675) * Tempo: set authentication header properly (#31699) (#31701) * Tempo: convert to backend data source (#31618) (#31695) * Update package.json (#31672) * Release: Bump version to 7.5.0-beta.1 (#31664) * Fix whatsNewUrl version to 7.5 (#31666) * Chore: add alias for what's new 7.5 (#31669) * Docs: Update doc for PostgreSQL authentication (#31434) * Docs: document report template variables (#31637) * AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633) * Color: Fixes issue where colors where reset to gray when switch panels (#31611) * Live: Use pure WebSocket transport (#31630) * Docs: Fix broken image link (#31661) * Docs: Add Whats new in 7.5 (#31659) * Docs: Fix links for 7.5 (#31658) * Update enterprise-configuration.md (#31656) * Explore/Logs: Escaping of incorrectly escaped log lines (#31352) * Tracing: Small improvements to trace types (#31646) * Update _index.md (#31645) * AlertingNG: code refactoring (#30787) * Remove pkill gpg-agent (#31169) * Remove format for plugin routes (#31633) * Library Panels: Change unsaved change detection logic (#31477) * CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624) * add new metrics and dimensions (#31595) * fix devenv dashboard content typo (#31583) * DashList: Sort starred and searched dashboard alphabetically (#31605) * Docs: Update whats-new-in-v7-4.md (#31612) * SSE: Add 'Classic Condition' on backend (#31511) * InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259) * Alerting: PagerDuty: adding current state to the payload (#29270) * devenv: Fix typo (#31589) * Loki: Label browser (#30351) * LibraryPanels: No save modal when user is on same dashboard (#31606) * Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603) * Update node-graph.md (#31571) * test: pass Cypress options objects into selector wrappers (#31567) * Loki: Add support for alerting (#31424) * Tracing: Specify type of the data frame that is expected for TraceView (#31465) * LibraryPanels: Adds version column (#31590) * PieChart: Add color changing options to pie chart (#31588) * Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558) * Bring back correct legend sizing afer PlotLegend refactor (#31582) * Alerting: Fix bug in Discord for when name for metric value is absent (#31257) * LibraryPanels: Deletes library panels during folder deletion (#31572) * chore: bump lodash to 4.17.21 (#31549) * Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore (#31518) * TestData: Fixes never ending annotations scenario (#31573) * CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498) * propagate plugin unavailable message to UI (#31560) * ConfirmButton: updates story from knobs to controls (#31476) * Loki: Refactor line limit to use grafana/ui component (#31509) * LibraryPanels: Adds folder checks and permissions (#31473) * Add guide on custom option editors (#31254) * PieChart: Update text color and minor changes (#31546) * Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036) * Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210) * PieChart: Improve piechart legend and options (#31446) * Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538) * Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539) * Add multiselect options ui (#31501) * Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516) * Variables: Fixes error with: cannot read property length of undefined (#31458) * Explore: Show ANSI colored logs in logs context (#31510) * LogsPanel: Show all received logs (#31505) * AddPanel: Design polish (#31484) * TimeSeriesPanel: Remove unnecessary margin from legend (#31467) * influxdb: flux: handle is-hidden (#31324) * Graph: Fix tooltip not showing when close to the edge of viewport (#31493) * FolderPicker: Remove useNewForms from FolderPicker (#31485) * Add reportVariables feature toggle (#31469) * Grafana datasource: support multiple targets (#31495) * Update license-restrictions.md (#31488) * Docs: Derived fields links in logs detail view (#31482) * Docs: Add new data source links to Enterprise page (#31480) * Convert annotations to dataframes (#31400) * ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475) * GrafanaUI: Fixes typescript error for missing css prop (#31479) * Login: handle custom token creation error messages (#31283) * Library Panels: Don't list current panel in available panels list (#31472) * DashboardSettings: Migrate Link Settings to React (#31150) * Frontend changes for library panels feature (#30653) * Alerting notifier SensuGo: improvements in default message (#31428) * AppPlugins: Options to disable showing config page in nav (#31354) * add aws config (#31464) * Heatmap: Fix missing/wrong value in heatmap legend (#31430) * Chore: Fixes small typos (#31461) * Graphite/SSE: update graphite to work with server side expressions (#31455) * update the lastest version to 7.4.3 (#31457) * ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454) * AWS: Add aws plugin configuration (#31312) * Revert ''Release: Updated versions in package to 7.4.3' (#31444)' (#31452) * Remove UserSyncInfo.tsx (#31450) * Elasticsearch: Add word highlighting to search results (#30293) * Chore: Fix eslint react hook warnings in grafana-ui (#31092) * CloudWatch: Make it possible to specify custom api endpoint (#31402) * Chore: fixed incorrect naming for disable settings (#31448) * TraceViewer: Fix show log marker in spanbar (#30742) * LibraryPanels: Adds permissions to getAllHandler (#31416) * NamedColorsPalette: updates story from knobs to controls (#31443) * 'Release: Updated versions in package to 7.4.3' (#31444) * ColorPicker: updates story from knobs to controls (#31429) * Streaming: Fixes an issue with time series panel and streaming data source when scrolling back from being out of view (#31431) * ClipboardButton: updates story from knobs to controls (#31422) * we should never log unhashed tokens (#31432) * CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407) * Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322) * Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353) * CloudWatch: Added AWS Ground Station metrics and dimensions (#31362) * TraceViewer: Fix trace to logs icon to show in right pane (#31414) * add hg team as migrations code owners (#31420) * Remove tidy-check script (#31423) * InfluxDB: handle columns named 'table' (#30985) * Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401) * Devenv: Add gdev-influxdb2 data source (#31250) * Update grabpl from 0.5.38 to 0.5.42 version (#31419) * Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421) * remove squadcast details from docs (#31413) * Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297) * Logging: add frontend logging helpers to @grafana/runtime package (#30482) * CallToActionCard: updates story from knobs to controls (#31393) * Add eu-south-1 cloudwatch region, closes #31197 (#31198) * Chore: Upgrade eslint packages (#31408) * Cascader: updates story from knobs to controls (#31399) * addressed issues 28763 and 30314. (#31404) * Added section Query a time series database by id (#31337) * Prometheus: Change default httpMethod for new instances to POST (#31292) * Data source list: Use Card component (#31326) * Chore: Remove gotest.tools dependency (#31391) * Revert 'StoryBook: Introduces Grafana Controls (#31351)' (#31388) * Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387) * AdHocVariables: Fixes crash when values are stored as numbers (#31382) * Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379) * Chore: Fix strict errors, down to 416 (#31365) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378) * StoryBook: Introduces Grafana Controls (#31351) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313) * Theming: Support for runtime theme switching and hooks for custom themes (#31301) * Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282) * Zipkin: Show success on test data source (#30829) * Update grot template (needs more info) (#31350) * DatasourceSrv: Fix instance retrieval when datasource variable value set to 'default' (#31347) * TimeSeriesPanel: Fixes overlapping time axis ticks (#31332) * Grafana/UI: Add basic legend to the PieChart (#31278) * SAML: single logout only enabled in enterprise (#31325) * QueryEditor: handle query.hide changes in angular based query-editors (#31336) * DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334) * LibraryPanels: Syncs panel title with name (#31311) * Chore: Upgrade golangci-lint (#31330) * Add info to docs about concurrent session limits (#31333) * Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316) * BarGuage: updates story from knobs to controls (#31223) * Docs: Clarifies how to add Key/Value pairs (#31303) * Usagestats: Exclude folders from total dashboard count (#31320) * ButtonCascader: updates story from knobs to controls (#31288) * test: allow check for Table as well as Graph for Explore e2e flow (#31290) * Grafana-UI: Update tooltip type (#31310) * fix 7.4.2 release note (#31299) * Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285) * Chore: reduce strict errors for variables (#31241) * update latest release version (#31296) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291) * Correct name of Discord notifier tests (#31277) * Docs: Clarifies custom date formats for variables (#31271) * BigValue: updates story from knobs to controls (#31240) * Docs: Annotations update (#31194) * Introduce functions for interacting with library panels API (#30993) * Search: display sort metadata (#31167) * Folders: Editors should be able to edit name and delete folders (#31242) * Make Datetime local (No date if today) working (#31274) * UsageStats: Purpose named variables (#31264) * Snapshots: Disallow anonymous user to create snapshots (#31263) * only update usagestats every 30min (#31131) * Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701) * Grafana-UI: Add id to Select to make it easier to test (#31230) * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) * UI/Card: Fix handling of 'onClick' callback (#31225) * Loki: Add line limit for annotations (#31183) * Remove deprecated and breaking loki config field (#31227) * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) * LibraryPanels: Disconnect before connect during dashboard save (#31235) * Disable Change Password for OAuth users (#27886) * TagsInput: Design update and component refactor (#31163) * Variables: Adds back default option for data source variable (#31208) * IPv6: Support host address configured with enclosing square brackets (#31226) * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179) * GraphNG: refactor core to class component (#30941) * Remove last synchronisation field from LDAP debug view (#30984) * Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975) * Graph: Make axes unit option work even when field option unit is set (#31205) * AlertingNG: Test definition (#30886) * Docs: Update Influx config options (#31146) * WIP: Skip this call when we skip migrations (#31216) * use 0.1.0 (#31215) * DataSourceSrv: Filter out non queryable data sources by default (#31144) * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193) * Chore: report eslint no-explicit-any errors to metrics (#31182) * Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211) * Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773) * Alerting: Fix modal text for deleting obsolete notifier (#31171) * Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204) * Variables: Fixes missing empty elements from regex filters (#31156) * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) * Fixed the typo. (#31189) * Docs: Rewrite preferences docs (#31154) * Explore/Refactor: Simplify URL handling (#29173) * DashboardLinks: Fixes links always cause full page reload (#31178) * Replace PR with Commit truncated hash when build fails (#31177) * Alert: update story to use controls (#31145) * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132) * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) * Update prometheus.md (#31173) * Variables: Extend option pickers to accept custom onChange callback (#30913) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) * Add author name and pr number in drone pipeline notifications (#31124) * Prometheus: Add documentation for ad-hoc filters (#31122) * DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135) * Alerting: Fix so that sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down (#31079) * Chore: Update latest.json (#31139) * Docs: add 7.4.1 relese notes link (#31137) * PieChart: Progress on new core pie chart (#28020) * ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133) * Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) * MuxWriter: Handle error for already closed file (#31119) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) * Search: add sort information in dashboard results (#30609) * area/grafana/e2e: ginstall should pull version specified (#31056) * Exemplars: Change CTA style (#30880) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) * Docs: request security (#30937) * update configurePanel for 7.4.0 changes (#31093) * Elasticsearch: fix log row context erroring out (#31088) * Prometheus: Fix issues with ad-hoc filters (#30931) * LogsPanel: Add deduplication option for logs (#31019) * Drone: Make sure CDN upload is ok before pushing docker images (#31075) * PluginManager: Remove some global state (#31081) * test: update addDashboard flow for v7.4.0 changes (#31059) * Transformations: Fixed typo in FilterByValue transformer description. (#31078) * Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074) * Usage stats: Adds source/distributor setting (#31039) * CDN: Add CDN upload step to enterprise and release pipelines (#31058) * Chore: Replace native select with grafana ui select (#31030) * Docs: Update json-model.md (#31066) * Docs: Update whats-new-in-v7-4.md (#31069) * Added hyperlinks to Graphite documentation (#31064) * DashboardSettings: Update to new form styles (#31022) * CDN: Fixing drone CI config (#31052) * convert path to posix by default (#31045) * DashboardLinks: Fixes crash when link has no title (#31008) * Alerting: Fixes so notification channels are properly deleted (#31040) * Explore: Remove emotion error when displaying logs (#31026) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) * CDN: Adds uppload to CDN step to drone CI (#30879) * Improved glossary (#31004) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) * Drone: Fix deployment image (#31027) * ColorPicker: migrated styles from sass to emotion (#30909) * Dashboard: Migrate general settings to react (#30914) * Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018) * Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966) * Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017) * Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013) * Graph: Fixes so graph is shown for non numeric time values (#30972) * CloudMonitoring: Prevent resource type variable function from crashing (#30901) * Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971) * Build: Releases e2e and e2e-selectors too (#31006) * TextPanel: Fixes so panel title is updated when variables change (#30884) * Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000) * instrumentation: make the first database histogram bucket smaller (#30995) * Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt… (#30988) * StatPanel: Fixes issue formatting date values using unit option (#30979) * Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973) * Units: Fixes formatting of duration units (#30982) * Elasticsearch: Show Size setting for raw_data metric (#30980) * Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935) * make sure service and slo display name is passed to segment comp (#30900) * assign changes in cloud datasources to the new cloud datasources team (#30645) * Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927) * Theme: Use higher order theme color variables rather then is light/dark logic (#30939) * Docs: Add alias for what's new in 7.4 (#30945) * e2e: extends selector factory to plugins (#30932) * Chore: Upgrade docker build image (#30820) * Docs: updated developer guide (#29978) * Alerts: Update Alert storybook to show more states (#30908) * Variables: Adds queryparam formatting option (#30858) * Chore: pad unknown values with undefined (#30808) * Transformers: add search to transform selection (#30854) * Exemplars: change api to reflect latest changes (#30910) * docs: use selinux relabelling on docker containers (#27685) * Docs: Fix bad image path for alert notification template (#30911) * Make value mappings correctly interpret numeric-like strings (#30893) * Chore: Update latest.json (#30905) * Docs: Update whats-new-in-v7-4.md (#30882) * Dashboard: Ignore changes to dashboard when the user session expires (#30897) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902) * test: add support for timeout to be passed in for addDatasource (#30736) * increase page size and make sure the cache supports query params (#30892) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) * OAuth: custom username docs (#28400) * Panels: Remove value mapping of values that have been formatted #26763 (#30868) * Alerting: Fixes alert panel header icon not showing (#30840) * AlertingNG: Edit Alert Definition (#30676) * Logging: sourcemap support for frontend stacktraces (#30590) * Added 'Restart Grafana' topic. (#30844) * Docs: Org, Team, and User Admin (#30756) * bump grabpl version to 0.5.36 (#30874) * Plugins: Requests validator (#30445) * Docs: Update whats-new-in-v7-4.md (#30876) * Docs: Add server view folder (#30849) * Fixed image name and path (#30871) * Grafana-ui: fixes closing modals with escape key (#30745) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) * TestData: Fixes issue with for ever loading state when all queries are hidden (#30861) * Chart/Tooltip: refactored style declaration (#30824) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853) * Grafana-ui: fixes no data message in Table component (#30821) * grafana/ui: Update pagination component for large number of pages (#30151) * Alerting: Customise OK notification priorities for Pushover notifier (#30169) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) * Chore: Remove panelTime.html, closes #30097 (#30842) * Docs: Time series panel, bar alignment docs (#30780) * Chore: add more docs annotations (#30847) * Transforms: allow boolean in field calculations (#30802) * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825) * Update prometheus.md with image link fix (#30833) * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806) * Update license-expiration.md (#30839) * Explore rewrite (#30804) * Prometheus: Set type of labels to string (#30831) * GrafanaUI: Add a way to persistently close InfoBox (#30716) * Fix typo in transformer registry (#30712) * Elasticsearch: Display errors with text responses (#30122) * CDN: Fixes cdn path when Grafana is under sub path (#30822) * TraceViewer: Fix lazy loading (#30700) * FormField: migrated sass styling to emotion (#30392) * AlertingNG: change API permissions (#30781) * Variables: Clears drop down state when leaving dashboard (#30810) * Grafana-UI: Add story/docs for ErrorBoundary (#30304) * Add missing callback dependency (#30797) * PanelLibrary: Adds library panel meta information to dashboard json (#30770) * Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343) * Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771) * GraphNG: improve behavior when switching between solid/dash/dots (#30796) * Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778) * Add width for Variable Editors (#30791) * Chore: Remove warning when calling resource (#30752) * Auth: Use SigV4 lib from grafana-aws-sdk (#30713) * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784) * GraphNG: add bar alignment option (#30499) * Expressions: Measure total transformation requests and elapsed time (#30514) * Menu: Mark menu components as internal (#30740) * TableInputCSV: migrated styles from sass to emotion (#30554) * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777) * Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772) * CDN: Adds support for serving assets over a CDN (#30691) * PanelEdit: Trigger refresh when changing data source (#30744) * Chore: remove __debug_bin (#30725) * BarChart: add alpha bar chart panel (#30323) * Docs: Time series panel (#30690) * Backend Plugins: Convert test data source to use SDK contracts (#29916) * Docs: Update whats-new-in-v7-4.md (#30747) * Add link to Elasticsearch docs. (#30748) * Mobile: Fixes issue scrolling on mobile in chrome (#30746) * TagsInput: Make placeholder configurable (#30718) * Docs: Add config settings for fonts in reporting (#30421) * Add menu.yaml to .gitignore (#30743) * bump cypress to 6.3.0 (#30644) * Datasource: Use json-iterator configuration compatible with standard library (#30732) * AlertingNG: Update UX to use new PageToolbar component (#30680) * Docs: Add usage insights export feature (#30376) * skip symlinks to directories when generating plugin manifest (#30721) * PluginCiE2E: Upgrade base images (#30696) * Variables: Fixes so text format will show All instead of custom all (#30730) * PanelLibrary: better handling of deleted panels (#30709) * Added section 'Curated dashboards for Google Cloud Monitoring' for 7.4 What's New (#30724) * Added 'curated dashboards' information and broke down, rearranged topics. (#30659) * Transform: improve the 'outer join' performance/behavior (#30407) * Add alt text to plugin logos (#30710) * Deleted menu.yaml file (#30717) * Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000) * Added entry for web server. (#30715) * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706) * Use connected GraphNG in Explore (#30707) * Fix documentation for streaming data sources (#30704) * PanelLibrary: changes casing of responses and adds meta property (#30668) * Influx: Show all datapoints for dynamically windowed flux query (#30688) * Trace: trace to logs design update (#30637) * DeployImage: Switch base images to Debian (#30684) * Chore: remove CSP debug logging line (#30689) * Docs: 7.4 documentation for expressions (#30524) * PanelEdit: Get rid of last remaining usage of navbar-button (#30682) * Grafana-UI: Fix setting default value for MultiSelect (#30671) * CustomScrollbar: migrated styles from sass to emotion (#30506) * DashboardSettings & PanelEdit: Use new PageToolbar (#30675) * Explore: Fix jumpy live tailing (#30650) * ci(npm-publish): add missing github package token to env vars (#30665) * PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588) * AlertingNG: pause/unpause definitions via the API (#30627) * Docs: Refer to product docs in whats new for alerting templating feature (#30652) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666) * Variables: Fixes display value when using capture groups in regex (#30636) * Docs: Update _index.md (#30655) * Docs: Auditing updates (#30433) * Docs: add hidden_users configuration field (#30435) * Docs: Define TLS/SSL terminology (#30533) * Docs: Fix expressions enabled description (#30589) * Docs: Update ES screenshots (#30598) * Licensing Docs: Adding license restrictions docs (#30216) * Update documentation-style-guide.md (#30611) * Docs: Update queries.md (#30616) * chore(grafana-ui): bump storybook to 6.1.15 (#30642) * DashboardSettings: fixes vertical scrolling (#30640) * Usage Stats: Remove unused method for getting user stats (#30074) * Grafana/UI: Unit picker should not set a category as unit (#30638) * Graph: Fixes auto decimals issue in legend and tooltip (#30628) * AlertingNG: List saved Alert definitions in Alert Rule list (#30603) * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605) * Grafana/UI: Add disable prop to Segment (#30539) * Variables: Fixes so queries work for numbers values too (#30602) * Admin: Fixes so form values are filled in from backend (#30544) * Docs: Add new override info and add whats new 7.4 links (#30615) * TestData: Improve what's new in v7.4 (#30612) * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502) * NodeGraph: Add docs (#30504) * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517) * TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570) * Update styling.md guide (#30594) * TestData: Adding what's new in v7.4 to the devenv dashboards (#30568) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583) * Chore(deps): Bump github.com/prometheus/client_golang (#30585) * Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587) * Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584) * Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572) * RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474) * Add documentation for Exemplars (#30317) * OldGraph: Fix height issue in Firefox (#30565) * XY Chart: fix editor error with empty frame (no fields) (#30573) * ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510) * XY Chart: share legend config with timeseries (#30559) * configuration.md: Document Content Security Policy options (#30413) * DataFrame: cache frame/field index in field state (#30529) * List + before -; rm old Git ref; reformat. (#30543) * Expressions: Add option to disable feature (#30541) * Explore: Fix loading visualisation on the top of the new time series panel (#30553) * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511) * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519) * Postgres: Convert tests to stdlib (#30536) * Storybook: Migrate card story to use controls (#30535) * AlertingNG: Enable UI to Save Alert Definitions (#30394) * Postgres: Be consistent about TLS/SSL terminology (#30532) * Loki: Append refId to logs uid (#30418) * Postgres: Fix indentation (#30531) * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527) * updates for e2e docker image (#30465) * GraphNG: uPlot 1.6.2 (#30521) * Docs: Update whats-new-in-v7-4.md (#30520) * Prettier: ignore build and devenv dirs (#30501) * Chore: Upgrade grabpl version (#30486) * Explore: Update styling of buttons (#30493) * Cloud Monitoring: Fix legend naming with display name override (#30440) * GraphNG: Disable Plot logging by default (#30390) * Admin: Fixes so whole org drop down is visible when adding users to org (#30481) * Docs: include Makefile option for local assets (#30455) * Footer: Fixes layout issue in footer (#30443) * TimeSeriesPanel: Fixed default value for gradientMode (#30484) * Docs: fix typo in what's new doc (#30489) * Chore: adds wait to e2e test (#30488) * chore: update packages dependent on dot-prop to fix security vulnerability (#30432) * Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480) * Chore: fix spelling mistake (#30473) * Chore: Restrict internal imports from other packages (#30453) * Docs: What's new fixes and improvements (#30469) * Timeseries: only migrage point size when configured (#30461) * Alerting: Hides threshold handle for percentual thresholds (#30431) * Graph: Fixes so only users with correct permissions can add annotations (#30419) * Chore: update latest version to 7.4.0-beta1 (#30452) * Docs: Add whats new 7.4 links (#30463) * Update whats-new-in-v7-4.md (#30460) * docs: 7.4 what's new (Add expressions note) (#30446) * Chore: Upgrade build pipeline tool (#30456) * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441) * Expressions: Fix button icon (#30444) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449) * Docs: Fix img link for alert notification template (#30436) * grafana/ui: Fix internal import from grafana/data (#30439) * prevent field config from being overwritten (#30437) * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389) * Dashboard: Remove template variables option from ShareModal (#30395) * Added doc content for variables inspector code change by Hugo (#30408) * Docs: update license expiration behavior for reporting (#30420) * Chore: use old version format in package.json (#30430) * Chore: upgrade NPM security vulnerabilities (#30397) * 'Release: Updated versions in package to 7.5.0-pre.0' (#30428) * contribute: Add backend and configuration guidelines for PRs (#30426) * Chore: Update what's new URL (#30424) - Update to version 7.4.5 - CVE-2021-28146, CVE-2021-28147: Fix API permissions issues related to team-sync. (Enterprise) (bsc#1183811, bsc#1183809) - CVE-2021-28148: Usage insights requires signed in users. (Enterprise) (bsc#1183813) - CVE-2021-27962: Do not allow editors to incorrectly bypass permissions on the default data source. (Enterprise) (bsc#1184371) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1183803 SUSE bug 1183809 SUSE bug 1183811 SUSE bug 1183813 SUSE bug 1184371 CVE-2021-27358 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update fixes the following issues: ansible: - The support level for ansible is l2, not l3 dracut-saltboot: - Force installation of libexpat.so.1 (bsc#1188846) - Use kernel parameters from PXE formula also for local boot golang-github-prometheus-prometheus: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE Linux Enterprise 15, 15 SP1, 15 SP2 - Upgrade to upstream version 2.27.1 (jsc#SLE-18254) + Bugfix: * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659 * TSDB: Do not panic when writing very large records to the WAL. #8790 * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723 * Scaleway Discovery: Fix nil pointer dereference. #8737 * Consul Discovery: Restart no longer required after config update with no targets. #8766 + Features: * Promtool: Retroactive rule evaluation functionality. * Configuration: Environment variable expansion for external labels. Behind '--enable-feature=expand-external-labels' flag. * Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for small Prometheus instances. * UI: Add a dark theme. * AWS Lightsail Discovery: Add AWS Lightsail Discovery. * Docker Discovery: Add Docker Service Discovery. * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. * Remote Write: Send exemplars via remote write. Experimental and disabled by default. + Enhancements: * Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label. * Scaleway Discovery: Read Scaleway secret from a file. * Scrape: Add configurable limits for label size and count. * UI: Add 16w and 26w time range steps. * Templating: Enable parsing strings in humanize functions. - Update package with changes from `server:monitoring` (bsc#1175478) Left out removal of 'firewalld' related configuration files as SUSE Linux Enterprise 15-SP1's `firewalld` package does not contain 'prometheus' configuration yet. mgr-cfg: - No visible impact for the user mgr-custom-info: - No visible impact for the user mgr-osad: - No visible impact for the user mgr-push: - No visible impact for the user mgr-virtualization: - No visible impact for the user rhnlib: - No visible impact for the user spacecmd: - Make spacecmd aware of retracted patches/packages - Enhance help for installation types when creating distributions (bsc#1186581) - Parse empty argument when nothing in between the separator spacewalk-client-tools: - Update translation strings spacewalk-koan: - Fix for spacewalk-koan tests after switching to the new Docker images spacewalk-oscap: - No visible impact for the user suseRegisterInfo: - No visible impact for the user uyuni-common-libs: - Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650) - Maintainer field in debian packages are only recommended (bsc#1186508) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175478 SUSE bug 1186242 SUSE bug 1186508 SUSE bug 1186581 SUSE bug 1186650 SUSE bug 1188846 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-29622 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libsndfile fixes the following issues: - CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (bsc#1100167) - CVE-2018-19432: Fixed a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. (bsc#1116993) - CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540) - CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. (bsc#1117954) This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1100167 SUSE bug 1116993 SUSE bug 1117954 SUSE bug 1188540 CVE-2018-13139 CVE-2018-19432 CVE-2018-19758 CVE-2021-3246 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for haproxy fixes the following issues: - Fixes HAProxy vulnerabilities on H2 (bsc#1189366). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1189366 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881) - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing - Use unbuffered /dev/urandom for random data to prevent early startup performance issues This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1188881 CVE-2021-3672 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tor fixes the following issues: tor 0.4.6.7: * Fix a DoS via a remotely triggerable assertion failure (boo#1189489, TROVE-2021-007, CVE-2021-38385) tor 0.4.6.6: * Fix a compilation error with gcc 7, drop tor-0.4.6.5-gcc7.patch * Enable the deterministic RNG for unit tests that covers the address set bloomfilter-based API's tor 0.4.6.5 * Add controller support for creating v3 onion services with client auth * When voting on a relay with a Sybil-like appearance, add the Sybil flag when clearing out the other flags. This lets a relay operator know why their relay hasn't been included in the consensus * Relays now report how overloaded they are * Add a new DoS subsystem to control the rate of client connections for relays * Relays now publish statistics about v3 onions services * Improve circuit timeout algorithm for client performance Important SUSE bug 1189489 CVE-2021-38385 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for isync fixes the following issues: Update to version 1.3.6 * This is a security release that fixes CVE-2021-3578. Moderate SUSE bug 1186939 CVE-2021-3578 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium 92.0.4515.159 (boo#1189490): * CVE-2021-30598: Type Confusion in V8 * CVE-2021-30599: Type Confusion in V8 * CVE-2021-30600: Use after free in Printing * CVE-2021-30601: Use after free in Extensions API * CVE-2021-30602: Use after free in WebRTC * CVE-2021-30603: Race in WebAudio * CVE-2021-30604: Use after free in ANGLE * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1189490 CVE-2021-30598 CVE-2021-30599 CVE-2021-30600 CVE-2021-30601 CVE-2021-30602 CVE-2021-30603 CVE-2021-30604 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libass fixes the following issues: - CVE-2020-36430: Fixed heap-based buffer overflow in decode_chars (bsc#1188539). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1188539 CVE-2020-36430 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u302 (icedtea 3.20.0) - CVE-2021-2341: Improve file transfers. (bsc#1188564) - CVE-2021-2369: Better jar file validation. (bsc#1188565) - CVE-2021-2388: Enhance compiler validation. (bsc#1188566) - CVE-2021-2161: Less ambiguous processing. (bsc#1185056) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1185056 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188566 CVE-2021-2161 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update of libhts fixes the following security issue: - CVE-2020-36403: Fixed an out-of-bounds write access in vcf_parse_format() (bsc#1187917) Low SUSE bug 1187917 CVE-2020-36403 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1177523 SUSE bug 1188576 CVE-2019-25051 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1188571 CVE-2021-36222 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for fetchmail fixes the following issues: - CVE-2021-36386: Fixed a missing variable initialization that can cause read from bad memory locations. (bsc#1188875) - Change PASSWORDLEN from 64 to 256 (bsc#1188034) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1188034 SUSE bug 1188875 CVE-2021-36386 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891): - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1188891 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libspf2 fixes the following issue: - CVE-2021-20314: A remote overflow in SPF parsing could lead to remote code execution (bsc#1189104) Critical SUSE bug 1189104 CVE-2021-20314 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1189520 SUSE bug 1189521 CVE-2021-3711 CVE-2021-3712 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for cacti, cacti-spine fixes the following issues: cacti-spine 1.2.18: * Fix missing time parameter on FROM_UNIXTIME function cacti 1.2.18: * CVE-2020-14424: Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme (boo#1188188) * Real time graphs can expose XSS issue Moderate SUSE bug 1188188 CVE-2020-14424 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openexr fixes the following issues: - CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor - CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator - CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress - CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot - CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer - CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1188457 SUSE bug 1188458 SUSE bug 1188459 SUSE bug 1188460 SUSE bug 1188461 SUSE bug 1188462 CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.16 fixes the following issues: Update to go1.16.7: - go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162) - go#47348 cmd/go: 'go list -f '{{.Stale}}'' stack overflow with cyclic imports - go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added - go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero - go#47015 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied. - go#46928 cmd/compile: register conflict between external linker and duffzero on arm64 - go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6 - go#46551 cmd/go: unhelpful error message when running 'go install' on a replaced-but-not-required package This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1182345 SUSE bug 1189162 CVE-2021-36221 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for jetty-minimal fixes the following issues: - jetty-minimal was upgraded to version 9.4.35.v20201120 - CVE-2020-27218: Fixed an issue where buffer not correctly recycled in Gzip Request inflation (bsc#1179727). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1179727 CVE-2020-27218 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libmspack fixes the following issues: - CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032) - CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032) - CVE-2018-14679: There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service. (bsc#1103032) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1103032 CVE-2018-14679 CVE-2018-14681 CVE-2018-14682 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3527: usb: unbounded stack allocation in usbredir (bsc#1186012) - CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499) - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364) - CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365) - CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367) - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366) - CVE-2021-3607: Ensure correct input on ring init (bsc#1187539) - CVE-2021-3608: Fix the ring init error flow (bsc#1187538) - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529) - CVE-2021-3682: usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145) - CVE-2020-35503: NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432) - CVE-2020-35504,CVE-2020-35505,CVE-2020-35506: NULL pointer dereference in ESP (bsc#1180433 bsc#1180434 bsc#1180435) - CVE-2021-20255: eepro100: stack overflow via infinite recursion (bsc#1182651) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1180432 SUSE bug 1180433 SUSE bug 1180434 SUSE bug 1180435 SUSE bug 1182651 SUSE bug 1186012 SUSE bug 1187364 SUSE bug 1187365 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1187499 SUSE bug 1187529 SUSE bug 1187538 SUSE bug 1187539 SUSE bug 1189145 CVE-2020-35503 CVE-2020-35504 CVE-2020-35505 CVE-2020-35506 CVE-2021-20255 CVE-2021-3527 CVE-2021-3582 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2021-3607 CVE-2021-3608 CVE-2021-3611 CVE-2021-3682 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1172505 CVE-2020-12049 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This patch updates the Python AWS SDK stack in SLE 15: General: # aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-botocore - Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-urllib3 - Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package. # python-service_identity - Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0 # python-trustme - Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0 Security fixes: # python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1102408 SUSE bug 1138715 SUSE bug 1138746 SUSE bug 1176389 SUSE bug 1177120 SUSE bug 1182421 SUSE bug 1182422 CVE-2020-26137 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.15 fixes the following issues: Update to go1.15.15: - go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162) - go#47347 cmd/go: 'go list -f '{{.Stale}}'' stack overflow with cyclic imports - go#47014 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied. - go#46927 cmd/compile: register conflict between external linker and duffzero on arm64 - go#46857 runtime: ppc64x binaries randomly segfault on linux 5.13rc6 This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175132 SUSE bug 1188906 SUSE bug 1189162 CVE-2021-36221 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: opera was updated to version 78.0.4093.147 - CHR-8251 Update chromium on desktop-stable-92-4093 to 92.0.4515.131 - DNA-93036 Opera not starting after closing window. Processes still working. - DNA-94516 Add ‘Detach tab’ entry to tab menu - DNA-94584 [Mac] Sidebar setup not closed after press ‘Add extensions’ button - DNA-94761 Crash when trying to record “Chrome developer” trace - DNA-94790 Crash at opera::VideoConferenceTabDetachController:: OnBrowserAboutToStartClosing(Browser*) - The update to chromium 92.0.4515.131 fixes following issues: CVE-2021-30590, CVE-2021-30591, CVE-2021-30592, CVE-2021-30593, CVE-2021-30594, CVE-2021-30596, CVE-2021-30597 Update to version 78.0.4093.112 - DNA-94466 Implement sorting Pinboards in overview - DNA-94582 Add access to APIs for showing pinboard icon in sidebar - DNA-94603 Suspicious pinboards events - DNA-94625 Disable opr.pinboardPrivate.getThumbnail() for local files - DNA-94640 Promote O78 to stable - DNA-94661 Missing translations for some languages - Complete Opera 78.0 changelog at: https://blogs.opera.com/desktop/changelog-for-78/ Important CVE-2021-30590 CVE-2021-30591 CVE-2021-30592 CVE-2021-30593 CVE-2021-30594 CVE-2021-30596 CVE-2021-30597 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for 389-ds fixes the following issues: - Update to version 1.4.3.24 - CVE-2021-3652: Fixed crypt handling of locked accounts. (bsc#1188455) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1188455 CVE-2021-3652 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for spectre-meltdown-checker fixes the following issues: spectre-meltdown-checker was updated to version 0.44 (bsc#1189477) - feat: add support for SRBDS related vulnerabilities - feat: add zstd kernel decompression (#370) - enh: arm: add experimental support for binary arm images - enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode - fix: fwdb: remove Intel extract tempdir on exit - fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278) - fix: fwdb: use the commit date as the intel fwdb version - fix: fwdb: update Intel's repository URL - fix: arm64: CVE-2017-5753: kernels 4.19+ use a different nospec macro - fix: on CPU parse info under FreeBSD - chore: github: add check run on pull requests - chore: fwdb: update to v165.20201021+i20200616 This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1189477 CVE-2017-5753 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs12 fixes the following issues: Update to 12.22.5: - CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (bsc#1189370, bsc#1188881) - CVE-2021-22940: Use after free on close http2 on stream canceling (bsc#1189368) - CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (bsc#1189369) - CVE-2021-22930: http2: fixes use after free on close http2 on stream canceling (bsc#1188917) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1188881 SUSE bug 1188917 SUSE bug 1189368 SUSE bug 1189369 SUSE bug 1189370 CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-22940 CVE-2021-3672 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: opera was updated to version 78.0.4093.184 - CHR-8533 Update chromium on desktop-stable-92-4093 to 92.0.4515.159 - DNA-93472 Reattaching to other browsers - DNA-93741 Multiple hint slots - DNA-93742 Allow displaying unobtrusive external hints - DNA-93744 Add slots in toolbar action view - DNA-94230 Improve text contrast for Speed Dials - DNA-94724 [Mac] Add macOS dark theme wallpaper with easy setup - DNA-94786 Crash at base::SupportsUserData:: SetUserData(void const*, std::__1::unique_ptr) - DNA-94807 Allow scripts access opera version and product info - DNA-94862 Continue on shopping Amazon doesn’t work correct - DNA-94870 Add an addonsPrivate function to install with permissions dialog first - DNA-95064 Revert DNA-93714 on stable - The update to chromium 92.0.4515.159 fixes following issues: CVE-2021-30598, CVE-2021-30599, CVE-2021-30600, CVE-2021-30601, CVE-2021-30602, CVE-2021-30603, CVE-2021-30604 Important CVE-2021-30598 CVE-2021-30599 CVE-2021-30600 CVE-2021-30601 CVE-2021-30602 CVE-2021-30603 CVE-2021-30604 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 (jsc#SLE-19970): Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. (bsc#1187418) Local attacker can login as any user and access their emails - CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. (bsc#1187419) Attacker can potentially steal user credentials and mails * Disconnection log messages are now more standardized across services. They also always now start with 'Disconnected' prefix. * Dovecot now depends on libsystemd for systemd integration. * Removed support for Lua 5.2. Use version 5.1 or 5.3 instead. * config: Some settings are now marked as 'hidden'. It's discouraged to change these settings. They will no longer be visible in doveconf output, except if they have been changed or if doveconf -s parameter is used. See https://doc.dovecot.org/settings/advanced/ for details. * imap-compress: Compression level is now algorithm specific. See https://doc.dovecot.org/settings/plugin/compress-plugin/ * indexer-worker: Convert 'Indexed' info logs to an event named 'indexer_worker_indexing_finished'. See https://doc.dovecot.org/admin_manual/list_of_events/#indexer-worker-indexing-finished + Add TSLv1.3 support to min_protocols. + Allow configuring ssl_cipher_suites. (for TLSv1.3+) + acl: Add acl_ignore_namespace setting which allows to entirely ignore ACLs for the listed namespaces. + imap: Support official RFC8970 preview/snippet syntax. Old methods of retrieving preview information via IMAP commands ('SNIPPET and PREVIEW with explicit algorithm selection') have been deprecated. + imapc: Support INDEXPVT for imapc storage to enable private message flags for cluster wide shared mailboxes. + lib-storage: Add new events: mail_opened, mail_expunge_requested, mail_expunged, mail_cache_lookup_finished. See https://doc.dovecot.org/admin_manual/list_of_events/#mail + zlib, imap-compression, fs-compress: Support compression levels that the algorithm supports. Before, we would allow hardcoded value between 1 to 9 and would default to 6. Now we allow using per-algorithm value range and default to whatever default the algorithm specifies. - *-login: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice. This applies to all protocols that involve user login, which currently comprises of imap, pop3, submisision and managesieve. - *-login: Processes are supposed to disconnect the oldest non-logged in connection when process_limit was reached. This didn't actually happen with the default 'high-security mode' (with service_count=1) where each connection is handled by a separate process. - *-login: When login process reaches client/process limits, oldest client connections are disconnected. If one of these was still doing anvil lookup, this caused a crash. This could happen only if the login process limits were very low or if the server was overloaded. - Fixed building with link time optimizations (-flto). - auth: Userdb iteration with passwd driver does not always return all users with some nss drivers. - dsync: Shared INBOX not synced when 'mail_shared_explicit_inbox' was disabled. If a user has a shared mailbox which is another user's INBOX, dsync didn't include the mailbox in syncing unless explicit naming is enabled with 'mail_shared_explicit_inbox' set to 'yes'. - dsync: Shared namespaces were not synced with '-n' flag. - dsync: Syncing shared INBOX failed if mail_attribute_dict was not set. If a user has a shared mailbox that is another user's INBOX, dsync failed to export the mailbox if mail attributes are disabled. - fts-solr, fts-tika: Using both Solr FTS and Tika may have caused HTTP requests to assert-crash: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL) - fts-tika: 5xx errors returned by Tika server as indexing failures. However, Tika can return 5xx for some attachments every time. So the 5xx error should be retried once, but treated as success if it happens on the retry as well. v2.3 regression. - fts-tika: v2.3.11 regression: Indexing messages with fts-tika may have resulted in Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input)) - imap: SETMETADATA could not be used to unset metadata values. Instead NIL was handled as a 'NIL' string. v2.3.14 regression. - imap: IMAP BINARY FETCH crashes at least on empty base64 body: Panic: file index-mail-binary.c: line 358 (blocks_count_lines): assertion failed: (block_count == 0 || block_idx+1 == block_count) - imap: If IMAP client using the NOTIFY command was disconnected while sending FETCH notifications to the client, imap could crash with Panic: Trying to close mailbox INBOX with open transactions. - imap: Using IMAP COMPRESS extension can cause IMAP connection to hang when IMAP commands are >8 kB long. - imapc: If remote server sent BYE but didn't immediately disconnect, it could cause infinite busy-loop. - lib-index: Corrupted cache record size in dovecot.index.cache file could have caused a crash (segfault) when accessing it. - lib-oauth2: JWT token time validation now works correctly with 32-bit systems. - lib-ssl-iostream: Checking hostnames against an SSL certificate was case-sensitive. - lib-storage: Corrupted mime.parts in dovecot.index.cache may have resulted in Panic: file imap-bodystructure.c: line 206 (part_write_body): assertion failed: (text == ((part->flags & MESSAGE_PART_FLAG_TEXT) != 0)) - lib-storage: Index rebuilding (e.g. via doveadm force-resync) didn't preserve the 'hdr-pop3-uidl' header. Because of this, the next pop3 session could have accessed all of the emails' metadata to read their POP3 UIDL (opening dbox files). - listescape: When using the listescape plugin and a shared namespace the plugin didn't work properly anymore resulting in errors like: 'Invalid mailbox name: Name must not have '/' character.' - lmtp: Connection crashes if connection gets disconnected due to multiple bad commands and the last bad command is BDAT. - lmtp: The Dovecot-specific LMTP parameter XRCPTFORWARD was blindly forwarded by LMTP proxy without checking that the backend has support. This caused a command parameter error from the backend if it was running an older Dovecot release. This could only occur in more complex setups where the message was proxied twice; when the proxy generated the XRCPTFORWARD parameter itself the problem did not occur, so this only happened when it was forwarded. - lmtp: The LMTP proxy crashes with a panic when the remote server replies with an error while the mail is still being forwarded through a DATA/BDAT command. - lmtp: Username may have been missing from lmtp log line prefixes when it was performing autoexpunging. - master: Dovecot would incorrectly fail with haproxy 2.0.14 service checks. - master: Systemd service: Dovecot announces readiness for accepting connections earlier than it should. The following environment variables are now imported automatically and can be omitted from import_environment setting: NOTIFY_SOCKET LISTEN_FDS LISTEN_PID. - master: service { process_min_avail } was launching processes too slowly when master was forking a lot of processes. - util: Make the health-check.sh example script POSIX shell compatible. * Added new aliases for some variables. Usage of the old ones is possible, but discouraged. (These were partially added already to v2.3.13.) See https://doc.dovecot.org/configuration_manual/config_file/config_variables/ for more information. * Optimize imap/pop3/submission/managesieve proxies to use less CPU at the cost of extra memory usage. * Remove autocreate, expire, snarf and mail-filter plugins. * Remove cydir storage driver. * Remove XZ/LZMA write support. Read support will be removed in future release. * doveadm -D: Add timestamps to debug output even when LOG_STDERR_TIMESTAMP environment variable is not set. Timestamp format is taken from log_timestamp setting. * If BROKENCHAR or listescape plugin is used, the escaped folder names may be slightly different from before in some situations. This is unlikely to cause issues, although caching clients may redownload the folders. * imapc: It now enables BROKENCHAR=~ by default to escape remote folder names if necessary. This also means that if there are any '~' characters in the remote folder names, they will be visible as '~7e'. * imapc: When using local index files folder names were escaped on filesystem a bit differently. This affects only if there are folder names that actually require escaping, which isn't so common. The old style folders will be automatically deleted from filesystem. * stats: Update exported metrics to be compliant with OpenMetrics standard. + doveadm: Add an optional '-p' parameter to metadata list command. If enabled, '/private', and '/shared' metadata prefixes will be prepended to the keys in the list output. + doveconf: Support environment variables in config files. See https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#environment-variables for more details. + indexer-worker: Change indexer to disconnect from indexer-worker after each request. This allows service indexer-worker's service_count & idle_kill settings to work. These can be used to restart indexer-worker processes once in a while to reduce their memory usage. - auth: 'nodelay' with various authentication mechanisms such as apop and digest-md5 crashed AUTH process if authentication failed. - auth: Auth lua script generating an error triggered an assertion failure: Panic: file db-lua.c: line 630 (auth_lua_call_password_verify): assertion failed: (lua_gettop(script->L) == 0). - configure: Fix libunwind detection to work on other than x86_64 systems. - doveadm-server: Process could crash if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL). - dsync: Folder name escaping with BROKENCHAR didn't work completely correctly. This especially caused problems with dsync-migrations using imapc where some of the remote folder names may not have been accessible. - dsync: doveadm sync + imapc doesn't always sync all mails when doing an incremental sync (-1), which could lead to mail loss when it's used for migration. This happens only when GUIDs aren't used (i.e. imapc without imapc_features=guid-forced). - fts-tika: When tika server returns error, some mails cause Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input)) - lib-imap: imapc parsing illegal BODYSTRUCTUREs with NILs could have resulted in crashes. This exposed that Dovecot was wrongly accepting atoms in 'nstring' handling. Changed the IMAP parsing to be more strict about this now. - lib-index: If dovecot.index.cache has corrupted message size, fetching BODY/BODYSTRUCTURE may cause assert-crash: Panic: file index-mail.c: line 1140 (index_mail_parse_body_finish): assertion failed: (mail->data.parts != NULL). - lib-index: Minor error handling and race condition fixes related to rotating dovecot.index.log. These didn't usually cause problems, unless the log files were rotated rapidly. - lib-lua: Lua scripts using coroutines or lua libraries using coroutines (e.g., cqueues) panicked. - Message PREVIEW handled whitespace wrong so first space would get eaten from between words. - FTS and message PREVIEW (snippet) parsed HTML &entities case-sensitively. - lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for IMAP clients and also Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type. - lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= MAC_MAX_CONTEXT_SIZE). - event filters: NOT keyword did not have the correct associativity. - Ignore ECONNRESET when closing socket. This avoids logging useless errors on systems like FreeBSD. - event filters: event filter syntax error may lead to Panic: file event-filter.c: line 137 (event_filter_parse): assertion failed: (state.output == NULL) - lib: timeval_cmp_margin() was broken on 32-bit systems. This could potentially have caused HTTP timeouts to be handled incorrectly. - log: instance_name wasn't used as syslog ident by the log process. - master: After a service reached process_limit and client_limit, it could have taken up to 1 second to realize that more client connections became available. During this time client connections could have been unnecessarily rejected and a warning logged: Warning: service(...): process_limit (...) reached, client connections are being dropped - stats: Crash would occur when generating openmetrics data for metrics using aggregating functions. - stats: Event filters comparing against empty strings crash the stats process. * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information. * Metric filter and global event filter variable syntax changed to a SQL-like format. See https://doc.dovecot.org/configuration_manual/event_filter/ * auth: Added new aliases for %{variables}. Usage of the old ones is possible, but discouraged. * auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth mechanism and related password schemes. * auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail. * auth: Removed postfix postmap socket + auth: Added new fields for auth server events. These fields are now also available for all auth events. See https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server for details. + imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated and imap_client_unhibernate_retried events. See https://doc.dovecot.org/admin_manual/list_of_events/ for details. + lib-index: Added new mail_index_recreated event. See https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated + lib-sql: Support TLS options for cassandra driver. This requires cpp-driver v2.15 (or later) to work reliably. + lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now added to existing mails if mail_attachment_detection_option=add-flags and it can be done inexpensively. + login proxy: Added login_proxy_max_reconnects setting (default 3) to control how many reconnections are attempted. + login proxy: imap/pop3/submission/managesieve proxying now supports reconnection retrying on more than just connect() failure. Any error except a non-temporary authentication failure will result in reconnect attempts. - auth: Lua passdb/userdb leaks stack elements per call, eventually causing the stack to become too deep and crashing the auth or auth-worker process. - auth: SASL authentication PLAIN mechanism could be used to trigger read buffer overflow. However, this doesn't seem to be exploitable in any way. - auth: v2.3.11 regression: GSSAPI authentication fails because dovecot disallows NUL bytes for it. - dict: Process used too much CPU when iterating keys, because each key used a separate write() syscall. - doveadm-server: Crash could occur if logging was done outside command handling. For example http-client could have done debug logging afterwards, resulting in either segfault or Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL). - doveadm-server: v2.3.11 regression: Trying to connect to doveadm server process via starttls assert-crashed if there were no ssl=yes listeners: Panic: file master-service-ssl.c: line 22 (master_service_ssl_init): assertion failed: (service->ssl_ctx_initialized). - fts-solr: HTTP requests may have assert-crashed: Panic: file http-client-request.c: line 1232 (http_client_request_send_more): assertion failed: (req->payload_input != NULL) - imap: IMAP NOTIFY could crash with a segmentation fault due to a bad configuration that causes errors. Sending the error responses to the client can cause the segmentation fault. This can for example happen when several namespaces use the same mail storage location. - imap: IMAP NOTIFY used on a shared namespace that doesn't actually exist (e.g. public namespace for a nonexistent user) can crash with a panic: Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: Opened in (null):0 - imap: IMAP session can crash with QRESYNC extension if many changes are done before asking for expunged mails since last sync. - imap: Process might hang indefinitely if client disconnects after sending some long-running commands pipelined, for example FETCH+LOGOUT. - lib-compress: Mitigate crashes when configuring a not compiled in compression. Errors with compression configuration now distinguish between not supported and unknown. - lib-compression: Using xz/lzma compression in v2.3.11 could have written truncated output in some situations. This would result in 'Broken pipe' read errors when trying to read it back. - lib-compression: zstd compression could have crashed in some situations: Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion failed: (!stream->blocking) - lib-dict: dict client could have crashed in some rare situations when iterating keys. - lib-http: Fix several assert-crashes in HTTP client. - lib-index: v2.3.11 regression: When mails were expunged at the same time as lots of new content was being saved to the cache (e.g. cache file was lost and is being re-filled) a deadlock could occur with dovecot.index.cache / dovecot.index.log. - lib-index: v2.3.11 regression: dovecot.index.cache file was being purged (rewritten) too often when it had a field that hadn't been accessed for over 1 month, but less than 2 months. Every cache file change caused a purging in this situation. - lib-mail: MIME parts were not returned correctly by Dovecot MIME parser. Regression caused by fixing CVE-2020-12100. - lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for both IMAP clients and Dovecot itself when parsing it. The truncated part is now written out using application/octet-stream MIME type. - lib-mail: v2.3.11 regression: Mail delivery / parsing crashed when the 10000th MIME part was message/rfc822 (or if parent was multipart/digest): Panic: file message-parser.c: line 167 (message_part_append): assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts). - lib-oauth2: Dovecot incorrectly required oauth2 server introspection reply to contain username with invalid token. - lib-ssl-iostream, lib-dcrypt: Fix building with OpenSSL that has deprecated APIs disabled. - lib-storage: When mail's size is different from the cached one (in dovecot.index.cache or Maildir S=size in the filename), this is handled by logging 'Cached message size smaller/larger than expected' error. However, in some situations this also ended up crashing with: Panic: file istream.c: line 315 (i_stream_read_memarea): assertion failed: (old_size <= _stream->pos - _stream->skip). - lib-storage: v2.3 regression: Copying/moving mails was taking much more memory than before. This was mainly visible when copying/moving thousands of mails in a single transaction. - lib-storage: v2.3.11 regression: Searching messages assert-crashed (without FTS): Panic: file message-parser.c: line 174 (message_part_finish): assertion failed: (ctx->nested_parts_count > 0). - lib: Dovecot v2.3 moved signal handlers around in ioloops, causing more CPU usage than in v2.2. - lib: Fixed JSON parsing: '\' escape sequence may have wrongly resulted in error if it happened to be at read boundary. Any NUL characters and '\u0000' will now result in parsing error instead of silently truncating the data. - lmtp, submission: Server may hang if SSL client connection disconnects during the delivery. If this happened repeated, it could have ended up reaching process_limit and preventing any further lmtp/submission deliveries. - lmtp: Proxy does not always properly log TLS connection problems as errors; in some cases, only a debug message is logged if enabled. - lmtp: The LMTP service can hang when commands are pipelined. This can particularly occur when one command in the middle of the pipeline fails. One example of this occurs for proxied LMTP transactions in which the final DATA or BDAT command is pipelined after a failing RCPT command. - login-proxy: The login_source_ips setting has no effect, and therefore the proxy source IPs are not cycled through as they should be. - master: Process was using 100% CPU in some situations when a broken service was being throttled. - pop3-login: POP3 login would fail with 'Input buffer full' if the initial response for SASL was too long. - stats: Crash would occur when generating openmetrics data for metrics using aggregating functions. Update pigeonhole to version 0.5.15 * CVE-2020-28200: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time usage is summed in the Sieve script binary and execution is blocked when the sum exceeds the limit within that time. The block is lifted when the script is updated after the resource usage times out. (bsc#1187420) Attacker can DoS the mail delivery system (jsc#PM-2746) ECO: Dovecot 2.3.15 version upgrade * Disconnection log messages are now more standardized across services. They also always now start with 'Disconnected' prefix. * managesieve: Commands pipelined together with and just after the authenticate command cause these commands to be executed twice. * duplicate: The test was handled badly in a multiscript (sieve_before, sieve_after) scenario in which an earlier script in the sequence with a duplicate test succeeded, while a later script caused a runtime failure. In that case, the message is recorded for duplicate tracking, while the message may not actually have been delivered in the end. * editheader: Sieve interpreter entered infinite loop at startup when the 'editheader' configuration listed an invalid header name. This problem can only be triggered by the administrator. * relational: The Sieve relational extension can cause a segfault at compile time. This is triggered by invalid script syntax. The segfault happens when this match type is the last argument of the test command. This situation is not possible in a valid script; positional arguments are normally present after that, which would prevent the segfault. * sieve: For some Sieve commands the provided mailbox name is not properly checked for UTF-8 validity, which can cause assert crashes at runtime when an invalid mailbox name is encountered. This can be caused by the user by writing a bad Sieve script involving the affected commands ('mailboxexists', 'specialuse_exists'). This can be triggered by the remote sender only when the user has written a Sieve script that passes message content to one of the affected commands. * sieve: Large sequences of 8-bit octets passed to certain Sieve commands that create or modify message headers that allow UTF-8 text (vacation, notify and addheader) can cause the delivery or IMAP process (when IMAPSieve is used) to enter a memory-consuming semi-infinite loop that ends when the process exceeds its memory limits. Logged in users can cause these hangs only for their own processes. This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1187418 SUSE bug 1187419 SUSE bug 1187420 CVE-2020-28200 CVE-2021-29157 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for viewvc fixes the following issues: - update to 1.1.28 (boo#1167974, CVE-2020-5283): * security fix: escape subdir lastmod file name (#211) * fix standalone.py first request failure (#195) * suppress stack traces (with option to show) (#140) * distinguish text/binary/image files by icons (#166, #175) * colorize alternating file content lines (#167) * link to the instance root from the ViewVC logo (#168) * display directory and root counts, too (#169) * fix double fault error in standalone.py (#157) * support timezone offsets with minutes piece (#176) This update was imported from the openSUSE:Leap:15.1:Update update project. Moderate SUSE bug 1167974 CVE-2020-5283 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gstreamer-plugins-good fixes the following issues: - CVE-2021-3498: Matroskademux: initialize track context out parameter to NULL before parsing (bsc#1184735). - CVE-2021-3497: Matroskademux: Fix extraction of multichannel WavPack (bsc#1184739). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1184735 SUSE bug 1184739 CVE-2021-3497 CVE-2021-3498 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1159552 CVE-2018-1311 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.12+7 - CVE-2021-2369: Fixed JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2388: Fixed a flaw inside the Hotspot component performed range check elimination. (bsc#1188566) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1185476 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188566 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for apache2 fixes the following issues: - CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and mod_proxy (bsc#1189387). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1189387 CVE-2021-33193 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1160462 SUSE bug 1189097 CVE-2019-19977 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381). Other issues fixed: - Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877) - Upstream bug fixes (bsc#1027519) - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189). - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1027519 SUSE bug 1137251 SUSE bug 1176189 SUSE bug 1179148 SUSE bug 1179246 SUSE bug 1180491 SUSE bug 1181989 SUSE bug 1183877 SUSE bug 1185682 SUSE bug 1186428 SUSE bug 1186429 SUSE bug 1186433 SUSE bug 1186434 SUSE bug 1188050 SUSE bug 1189373 SUSE bug 1189376 SUSE bug 1189378 SUSE bug 1189380 SUSE bug 1189381 SUSE bug 1189882 CVE-2021-0089 CVE-2021-28690 CVE-2021-28692 CVE-2021-28693 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs10 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881). - CVE-2021-22930: Fixed use after free on close http2 on stream canceling (bsc#1188917). - CVE-2021-22939: Fixed incomplete validation of rejectUnauthorized parameter (bsc#1189369). - CVE-2021-22931: Fixed improper handling of untypical characters in domain names (bsc#1189370). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1188881 SUSE bug 1188917 SUSE bug 1189369 SUSE bug 1189370 CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-3672 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1176076 SUSE bug 1177077 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ntfs-3g_ntfsprogs fixes the following issues: Update to version 2021.8.22 (bsc#1189720): * Fixed compile error when building with libfuse < 2.8.0 * Fixed obsolete macros in configure.ac * Signalled support of UTIME_OMIT to external libfuse2 * Fixed an improper macro usage in ntfscp.c * Updated the repository change in the README * Fixed vulnerability threats caused by maliciously tampered NTFS partitions * Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263. - Library soversion is now 89 * Changes in version 2017.3.23 * Delegated processing of special reparse points to external plugins * Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs * Enabled fallback to read-only mount when the volume is hibernated * Made a full check for whether an extended attribute is allowed * Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap) * Enabled encoding broken UTF-16 into broken UTF-8 * Autoconfigured selecting <sys/sysmacros.h> vs <sys/mkdev> * Allowed using the full library API on systems without extended attributes support * Fixed DISABLE_PLUGINS as the condition for not using plugins * Corrected validation of multi sector transfer protected records * Denied creating/removing files from $Extend * Returned the size of locale encoded target as the size of symlinks This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1189720 CVE-2019-9755 CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). This update was imported from the SUSE:SLE-15-SP2:Update update project. Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gifsicle fixes the following issues: Update to version 1.93: * Fix security bug on certain resize operations with `--resize-method=box` * Fix problems with colormapless GIFs. Update to version 1.92 * Add `--lossy` option from Kornel Lipiński. * Remove an assertion failure possible with `--conserve-memory` + `--colors` + `--careful`. Moderate cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nextcloud fixes the following issues: Update to 20.0.12 Fix boo#1190291 - CVE-2021-32766 (CWE-209): Generation of Error Message Containing Sensitive Information - CVE-2021-32800 (CWE-306): Missing Authentication for Critical Function - CVE-2021-32801 (CWE-532): Insertion of Sensitive Information into Log File - CVE-2021-32802 (CWE-829): Inclusion of Functionality from Untrusted Control Sphere Changes: - Bump vue-router from 3.4.3 to 3.4.9 (server#27224) - Bump v-click-outside from 3.1.1 to 3.1.2 (server#27232) - Bump url-search-params-polyfill from 8.1.0 to 8.1.1 (server#27236) - Bump debounce from 1.2.0 to 1.2.1 (server#27646) - Bump vue and vue-template-compiler (server#27701) - Design fixes to app-settings button (server#27745) - Reset checksum when writing files to object store (server#27754) - Run s3 tests again (server#27804) - Fix in locking cache check (server#27829) - Bump dompurify from 2.2.8 to 2.2.9 (server#27836) - Make search popup usable on mobile, too (server#27858) - Cache images on browser (server#27863) - Fix dark theme on public link shares (server#27895) - Make user status usable on mobile (server#27897) - Do not escape display name in dashboard welcome text (server#27913) - Bump moment-timezone from 0.5.31 to 0.5.33 (server#27924) - Fix newfileMenu on public page (server#27941) - Fix svg icons disapearing in app navigation when text overflows (server#27955) - Bump bootstrap from 4.5.2 to 4.5.3 (server#27965) - Show registered breadcrumb detail views in breadcrumb menu (server#27970) - Fix regression in file sidebar (server#27976) - Bump exports-loader from 1.1.0 to 1.1.1 (server#27984) - Bump @nextcloud/capabilities from 1.0.2 to 1.0.4 (server#27985) - Bump @nextcloud/vue-dashboard from 1.0.0 to 1.0.1 (server#27988) - Improve notcreatable permissions hint (server#28006) - Update CRL due to revoked twofactor_nextcloud_notification.crt (server#28018) - Bump sass-loader from 10.0.2 to 10.0.5 (server#28032) - Increase footer height for longer menus (server#28045) - Mask password for Redis and RedisCluster on connection failure (server#28054) - Fix missing theming for login button (server#28065) - Fix overlapping of elements in certain views (server#28072) - Disable HEIC image preview provider for performance concerns (server#28081) - Improve provider check (server#28087) - Sanitize more functions from the encryption app (server#28091) - Hide download button for public preview of audio files (server#28096) - L10n: HTTP in capital letters (server#28107) - Fix dark theme in file exists dialog (server#28111) - Let memory limit set in tests fit the used amount (server#28125) - User management - Add icon to user groups (server#28172) - Bump marked from 1.1.1 to 1.1.2 (server#28187) - Fix variable override in file view (server#28191) - Bump regenerator-runtime from 0.13.7 to 0.13.9 (server#28207) - Bump url-loader from 4.1.0 to 4.1.1 (server#28208) - Fix Files breadcrumbs being hidden even if there is enough space (server#28224) - Dont apply jail search filter is on the root (server#28241) - Check that php was compiled with argon2 support or that the php-sodium extensions is installed (server#28289) - Fix preference name when generating notifications (activity#603) - Fix monochrome icon detection for correct dark mode invert (activity#607) - Fix 'Enable notification emails' (activity#613) - Show add, del and restored files within by and self filter (activity#616) - Link from app-navigation-settings to personal settings (activity#625) - Fix pdfviewer design (files_pdfviewer#446) - Include version number in firstrunwizard (firstrunwizard#570) - Use notification main link if no parameter has a link (notifications#1040) - Bump sass-loader from 10.1.0 to 10.1.1 (text#1360) - Bump @babel/plugin-transform-runtime from 7.13.9 to 7.13.15 (text#1548) - Bump @babel/preset-env from 7.13.9 to 7.13.15 (text#1550) - Bump vue-loader from 15.9.6 to 15.9.7 (text#1592) - Unify error responses and add logging where appropriate (text#1719) - Disable header timeout on mobile (viewer#978) Important SUSE bug 1190291 CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libaom fixes the following issues: - CVE-2021-30475: Fixed buffer overflow in aom_dsp/noise_model.c (bsc#1189497). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1189497 CVE-2021-30475 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for php7-pear fixes the following issues: - CVE-2020-36193: Fixed Archive_Tar directory traversal due to inadequate checking of symbolic links (bsc#1189591). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1189591 CVE-2020-36193 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-3640: A Use-After-Free vulnerability in function sco_sock_sendmsg() was fixed (bnc#1188172). - CVE-2021-34556: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack (bnc#1188983). - CVE-2021-35477: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation did not necessarily occur before a store operation that has an attacker-controlled value (bnc#1188985). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - Add alt-commit for a BT fix patch (git-fixes) - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-cgroup-kABI-fixes-for-new-fc_app_id-definition.patch - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481). - btrfs: add a comment explaining the data flush steps (bsc#1135481). - btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481). - btrfs: add a trace point for reserve tickets (bsc#1135481). - btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481). - btrfs: add flushing states for handling data reservations (bsc#1135481). - btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481). - btrfs: adjust the flush trace point to include the source (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481). - btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481). - btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481). - btrfs: check tickets after waiting on ordered extents (bsc#1135481). - btrfs: do async reclaim for data reservations (bsc#1135481). - btrfs: do not force commit if we are data (bsc#1135481). - btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481). - btrfs: fix possible infinite loop in data async reclaim (bsc#1135481). - btrfs: flush delayed refs when trying to reserve data space (bsc#1135481). - btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481). - btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481). - btrfs: implement space clamping for preemptive flushing (bsc#1135481). - btrfs: improve preemptive background space flushing (bsc#1135481). - btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481). - btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481). - btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481). - btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481). - btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481). - btrfs: remove orig from shrink_delalloc (bsc#1135481). - btrfs: rename need_do_async_reclaim (bsc#1135481). - btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481). - btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481). - btrfs: rip out may_commit_transaction (bsc#1135481). - btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481). - btrfs: run delayed iputs before committing the transaction for data (bsc#1135481). - btrfs: serialize data reservations if we are flushing (bsc#1135481). - btrfs: shrink delalloc pages instead of full inodes (bsc#1135481). - btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481). - btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481). - btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481). - btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481). - btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481). - btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481). - btrfs: use the same helper for data and metadata reservations (bsc#1135481). - btrfs: use ticketing for data space reservations (bsc#1135481). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cgroup1: fix leaked context root causing sporadic NULL deref in LTP (bsc#1190181). - cgroup: verify that source is a string (bsc#1190131). - clk: kirkwood: Fix a clocking boot regression (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: cpuidle_state kABI fix (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543) - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm: Copy drm_wait_vblank to user before returning (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/nouveau/disp: power down unused DP links during init (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm/panfrost: Simplify lock_region calculation (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - Fix breakage of swap over NFS (bsc#1188924). - Fix kabi of prepare_to_wait_exclusive() (bsc#1189575). - fixup 'rpm: support gz and zst compression methods' - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: mpc8xxx: Fix a resources leak in the error handling path of 'mpc8xxx_probe()' (git-fixes). - gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats (git-fixes). - HID: i2c-hid: Fix Elan touchpad regression (git-fixes). - HID: input: do not report stylus battery state as 'full' (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - intel_idle: Use ACPI _CST on server systems (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes). - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs (git-fixes). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - lockd: Fix invalid lockowner cast after vfs_test_lock (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - mailbox: sti: quieten kernel-doc warnings (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - memcg: enable accounting for file lock caches (bsc#1190115). - mfd: axp20x: Update AXP288 volatile ranges (git-fixes). - mfd: lpc_sch: Rename GPIOBASE to prevent build error (git-fixes). - mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set (git-fixes). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#1189301). - mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: do not update block size after device is started (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - nfs: Correct size calculation for create reply length (bsc#1189870). - nfsd4: Fix forced-expiry locking (git-fixes). - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nfsv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - nfsv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4/pNFS: Fix a layoutget livelock loop (git-fixes). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439). - overflow: Correct check_shl_overflow() comment (git-fixes). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - PCI: Call Max Payload Size-related fixup quirks early (git-fixes). - PCI: Fix pci_dev_str_match_path() alloc while atomic bug (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: iproc: Fix BCMA probe resource handling (git-fixes). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - PCI/portdrv: Enable Bandwidth Notification only if port supports it (git-fixes). - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure (git-fixes). - PCI: xilinx-nwl: Enable the clock through CCF (git-fixes). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - pinctrl: samsung: Fix pinctrl bank pin count (git-fixes). - pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (git-fixes). - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - power: supply: max17042: handle fails of reading status register (git-fixes). - pwm: lpc32xx: Do not modify HW state in .probe() after the PWM chip was registered (git-fixes). - README: Modernize build instructions. - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - reset: reset-zynqmp: Fixed the argument data type (git-fixes). - Revert 'ACPICA: Fix memory leak caused by _CID repair function' (git-fixes). - Revert 'dmaengine: imx-sdma: refine to load context only once' (git-fixes). - Revert 'gpio: eic-sprd: Use devm_platform_ioremap_resource()' (git-fixes). - Revert 'memcg: enable accounting for file lock caches (bsc#1190115).' - Revert 'mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711' (git-fixes). - Revert 'USB: serial: ch341: fix character loss at high transfer rates' (git-fixes). - rpm: Abolish image suffix (bsc#1189841). - rpm: Define $certs as rpm macro (bsc#1189841). - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes) - sched/fair: Ensure that the CFS parent is added after unthrottling (git-fixes). - sched/rt: Fix RT utilization tracking during policy change (git-fixes) - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: sg: add sg_remove_request in sg_write (bsc#1171420 CVE2020-12770). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix potential memory corruption (git-fixes). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: Simplify socket shutdown when not reusing TCP ports (git-fixes). - thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - Update patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - usb: dwc2: Postponed gadget registration to the udc class driver (git-fixes). - usb: dwc3: Add support for DWC_usb32 IP (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: core: Properly default unspecified speed (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - virtio_pci: Support surprise removal of virtio pci device (git-fixes). - virt_wifi: fix error on connect (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). - usb: dwc2: Fix error path in gadget registration (git-fixes). Important SUSE bug 1040364 SUSE bug 1124431 SUSE bug 1127650 SUSE bug 1135481 SUSE bug 1152489 SUSE bug 1160010 SUSE bug 1167032 SUSE bug 1168202 SUSE bug 1171420 SUSE bug 1174969 SUSE bug 1175052 SUSE bug 1175543 SUSE bug 1177399 SUSE bug 1180141 SUSE bug 1180347 SUSE bug 1181006 SUSE bug 1181148 SUSE bug 1181972 SUSE bug 1184114 SUSE bug 1184180 SUSE bug 1185675 SUSE bug 1186731 SUSE bug 1187211 SUSE bug 1187455 SUSE bug 1187468 SUSE bug 1187619 SUSE bug 1188067 SUSE bug 1188172 SUSE bug 1188418 SUSE bug 1188439 SUSE bug 1188616 SUSE bug 1188878 SUSE bug 1188885 SUSE bug 1188924 SUSE bug 1188982 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189153 SUSE bug 1189197 SUSE bug 1189209 SUSE bug 1189210 SUSE bug 1189212 SUSE bug 1189213 SUSE bug 1189214 SUSE bug 1189215 SUSE bug 1189216 SUSE bug 1189217 SUSE bug 1189218 SUSE bug 1189219 SUSE bug 1189220 SUSE bug 1189221 SUSE bug 1189222 SUSE bug 1189229 SUSE bug 1189262 SUSE bug 1189291 SUSE bug 1189292 SUSE bug 1189298 SUSE bug 1189301 SUSE bug 1189305 SUSE bug 1189323 SUSE bug 1189384 SUSE bug 1189385 SUSE bug 1189392 SUSE bug 1189399 SUSE bug 1189400 SUSE bug 1189427 SUSE bug 1189449 SUSE bug 1189503 SUSE bug 1189504 SUSE bug 1189505 SUSE bug 1189506 SUSE bug 1189507 SUSE bug 1189562 SUSE bug 1189563 SUSE bug 1189564 SUSE bug 1189565 SUSE bug 1189566 SUSE bug 1189567 SUSE bug 1189568 SUSE bug 1189569 SUSE bug 1189573 SUSE bug 1189574 SUSE bug 1189575 SUSE bug 1189576 SUSE bug 1189577 SUSE bug 1189579 SUSE bug 1189581 SUSE bug 1189582 SUSE bug 1189583 SUSE bug 1189585 SUSE bug 1189586 SUSE bug 1189587 SUSE bug 1189706 SUSE bug 1189760 SUSE bug 1189832 SUSE bug 1189841 SUSE bug 1189870 SUSE bug 1189883 SUSE bug 1190022 SUSE bug 1190025 SUSE bug 1190115 SUSE bug 1190117 SUSE bug 1190131 SUSE bug 1190181 SUSE bug 1190358 SUSE bug 1190412 SUSE bug 1190428 CVE-2021-34556 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3656 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38207 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381) Also a hardening fix was added: - Link as position independent executable (bsc#1184123) This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1184123 SUSE bug 1190381 CVE-2021-3781 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for fail2ban fixes the following issues: - CVE-2021-32749: prevent a command injection via mail command (boo#1188610) - Integrate change to resolve boo#1146856 and boo#1180738 Update to 0.11.2 - increased stability, filter and action updates New Features and Enhancements * fail2ban-regex: - speedup formatted output (bypass unneeded stats creation) - extended with prefregex statistic - more informative output for `datepattern` (e. g. set from filter) - pattern : description * parsing of action in jail-configs considers space between action-names as separator also (previously only new-line was allowed), for example `action = a b` would specify 2 actions `a` and `b` * new filter and jail for GitLab recognizing failed application logins (gh#fail2ban/fail2ban#2689) * new filter and jail for Grafana recognizing failed application logins (gh#fail2ban/fail2ban#2855) * new filter and jail for SoftEtherVPN recognizing failed application logins (gh#fail2ban/fail2ban#2723) * `filter.d/guacamole.conf` extended with `logging` parameter to follow webapp-logging if it's configured (gh#fail2ban/fail2ban#2631) * `filter.d/bitwarden.conf` enhanced to support syslog (gh#fail2ban/fail2ban#2778) * introduced new prefix `{UNB}` for `datepattern` to disable word boundaries in regex; * datetemplate: improved anchor detection for capturing groups `(^...)`; * datepattern: improved handling with wrong recognized timestamps (timezones, no datepattern, etc) as well as some warnings signaling user about invalid pattern or zone (gh#fail2ban/fail2ban#2814): - filter gets mode in-operation, which gets activated if filter starts processing of new messages; in this mode a timestamp read from log-line that appeared recently (not an old line), deviating too much from now (up too 24h), will be considered as now (assuming a timezone issue), so could avoid unexpected bypass of failure (previously exceeding `findtime`); - better interaction with non-matching optional datepattern or invalid timestamps; - implements special datepattern `{NONE}` - allow to find failures totally without date-time in log messages, whereas filter will use now as timestamp (gh#fail2ban/fail2ban#2802) * performance optimization of `datepattern` (better search algorithm in datedetector, especially for single template); * fail2ban-client: extended to unban IP range(s) by subnet (CIDR/mask) or hostname (DNS), gh#fail2ban/fail2ban#2791; * extended capturing of alternate tags in filter, allowing combine of multiple groups to single tuple token with new tag prefix `<F-TUPLE_`, that would combine value of `<F-V>` with all value of `<F-TUPLE_V?_n?>` tags (gh#fail2ban/fail2ban#2755) - Fixes * [stability] prevent race condition - no ban if filter (backend) is continuously busy if too many messages will be found in log, e. g. initial scan of large log-file or journal (gh#fail2ban/fail2ban#2660) * pyinotify-backend sporadically avoided initial scanning of log-file by start * python 3.9 compatibility (and Travis CI support) * restoring a large number (500+ depending on files ulimit) of current bans when using PyPy fixed * manual ban is written to database, so can be restored by restart (gh#fail2ban/fail2ban#2647) * `jail.conf`: don't specify `action` directly in jails (use `action_` or `banaction` instead) * no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh#fail2ban/fail2ban#2357 * ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh#fail2ban/fail2ban#2686) * don't use `%(banaction)s` interpolation because it can be complex value (containing `[...]` and/or quotes), so would bother the action interpolation * fixed type conversion in config readers (take place after all interpolations get ready), that allows to specify typed parameters variable (as substitutions) as well as to supply it in other sections or as init parameters. * `action.d/*-ipset*.conf`: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only, gh#fail2ban/fail2ban#2703) * `action.d/cloudflare.conf`: fixed `actionunban` (considering new-line chars and optionally real json-parsing with `jq`, gh#fail2ban/fail2ban#2140, gh#fail2ban/fail2ban#2656) * `action.d/nftables.conf` (type=multiport only): fixed port range selector, replacing `:` with `-` (gh#fail2ban/fail2ban#2763) * `action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-` (gh#fail2ban/fail2ban#2821) * `action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num` (gh#fail2ban/fail2ban#2836) * `filter.d/common.conf`: avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (inside the filter-config, gh#fail2ban/fail2ban#2650) * `filter.d/dovecot.conf`: - add managesieve and submission support (gh#fail2ban/fail2ban#2795); - accept messages with more verbose logging (gh#fail2ban/fail2ban#2573); * `filter.d/courier-smtp.conf`: prefregex extended to consider port in log-message (gh#fail2ban/fail2ban#2697) * `filter.d/traefik-auth.conf`: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently (gh#fail2ban/fail2ban#2693): - `normal`: matches 401 with supplied username only - `ddos`: matches 401 without supplied username only - `aggressive`: matches 401 and any variant (with and without username) * `filter.d/sshd.conf`: normalizing of user pattern in all RE's, allowing empty user (gh#fail2ban/fail2ban#2749) Update to 0.11.1: * Increment ban time (+ observer) functionality introduced. * Database functionality extended with bad ips. * New tags (usable in actions): - `<bancount>` - ban count of this offender if known as bad (started by 1 for unknown) - `<bantime>` - current ban-time of the ticket (prolongation can be retarded up to 10 sec.) * Introduced new action command `actionprolong` to prolong ban-time (e. g. set new timeout if expected); * algorithm of restore current bans after restart changed: update the restored ban-time (and therefore end of ban) of the ticket with ban-time of jail (as maximum), for all tickets with ban-time greater (or persistent) * added new setup-option `--without-tests` to skip building and installing of tests files (gh-2287). * added new command `fail2ban-client get <JAIL> banip ?sep-char|--with-time?` to get the banned ip addresses (gh-1916). * purge database will be executed now (within observer). restoring currently banned ip after service restart fixed (now < timeofban + bantime), ignore old log failures (already banned) * upgrade database: update new created table `bips` with entries from table `bans` (allows restore current bans after upgrade from version <= 0.10) - removal of SuSEfirewall2-fail2ban for factory versions since SuSEfirewall2 will be removed from Factory (see sr#713247): * removed references to SuSEfirewall2 service * use references to SuSEfirewall2 only for older distributions * Removed installation recommendation of the fail2ban-SuSEfirewall2 package for all distributions as it is deprecated. - changed fail2ban unit file location (boo#1145181, gh#fail2ban/fail2ban#2474) Important SUSE bug 1145181 SUSE bug 1146856 SUSE bug 1180738 SUSE bug 1188610 CVE-2021-32749 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for wireshark fixes the following issues: - Update to Wireshark 3.4.7 - CVE-2021-22235: Fixed DNP dissector crash (bsc#1188375). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1188375 CVE-2021-22235 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis (bsc#1188638) - CVE-2021-32786: open redirect in logout functionality (bsc#1188639) - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849) - CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1188638 SUSE bug 1188639 SUSE bug 1188848 SUSE bug 1188849 CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 CVE-2021-32792 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for haserl fixes the following issues: Update to version 0.9.36: * Fixed: Its possible to issue a PUT request without a CONTENT-TYPE. Assume an octet-stream in that case. This is CVE-2021-29133 and boo#1187671 * Change the Prefix for variables to be the REQUEST_METHOD (PUT/DELETE/GET/POST) THIS IS A BREAKING CHANGE * Mitigations vs running haserl to get access to files not available to the user. Moderate SUSE bug 1187671 CVE-2021-29133 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for php-composer fixes the following issues: - Require php-mbstring as requested in boo#1187416 - Version 1.10.22 * Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472), boo#1185376 - Version 1.10.21 * Fixed support for new GitHub OAuth token format * Fixed processes silently ignoring the CWD when it does not exist - Version 1.10.20 * Fixed exclude-from-classmap causing regex issues when having too many paths * Fixed compatibility issue with Symfony 4/5 - Version 1.10.17 * Fixed Bitbucket API authentication issue * Fixed parsing of Composer 2 lock files breaking in some rare conditions - Version 1.10.16 * Added warning to validate command for cases where packages provide/ replace a package that they also require * Fixed JSON schema validation issue with PHPStorm * Fixed symlink handling in archive command - Version 1.10.15 * Fixed path repo version guessing issue - Version 1.10.14 * Fixed version guesser to look at remote branches as well as local ones * Fixed path repositories version guessing to handle edge cases where version is different from the VCS-guessed version * Fixed COMPOSER env var causing issues when combined with the global command * Fixed a few issues dealing with PHP without openssl extension (not recommended at all but sometimes needed for testing) - Version 1.10.13 * Fixed regressions with old version validation * Fixed invalid root aliases not being reported - Version 1.10.12 * Fixed regressions with old version validation - Version 1.10.11 * Fixed more PHP 8 compatibility issues * Fixed regression in handling of CTRL-C when xdebug is loaded * Fixed status handling of broken symlinks - Version 1.10.10 * Fixed create-project not triggering events while installing the root package * Fixed PHP 8 compatibility issue * Fixed self-update to avoid automatically upgrading to the next major version once it becomes stable - Version 1.10.9 * Fixed Bitbucket redirect loop when credentials are outdated * Fixed GitLab auth prompt wording * Fixed self-update handling of files requiring admin permissions to write to on Windows (it now does a UAC prompt) * Fixed parsing issues in funding.yml files - Version 1.10.8 * Fixed compatibility issue with git being configured to show signatures by default * Fixed discarding of local changes when updating packages to include untracked files * Several minor fixes - Version 1.10.7 * Fixed PHP 8 deprecations * Fixed detection of pcntl_signal being in disabled_functions when pcntl_async_signal is allowed - Version 1.10.6 * Fixed version guessing to take composer-runtime-api and composer-plugin-api requirements into account to avoid selecting packages which require Composer 2 * Fixed package name validation to allow several dashes following each other * Fixed post-status-cmd script not firing when there were no changes to be displayed * Fixed composer-runtime-api support on Composer 1.x, the package is now present as 1.0.0 * Fixed support for composer show --name-only --self * Fixed detection of GitLab URLs when handling authentication in some cases - Version 1.10.5 * Fixed self-update on PHP <5.6, seriously please upgrade * Fixed 1.10.2 regression with PATH resolution in scripts - Version 1.10.4 * Fixed 1.10.2 regression in path symlinking with absolute path repos - Version 1.10.3 * Fixed invalid --2 flag warning in self-update when no channel is requested - Version 1.10.2 * Added --1 flag to self-update command which can be added to automated self-update runs to make sure it won't automatically jump to 2.0 once that is released * Fixed path repository symlinks being made relative when the repo url is defined as absolute paths * Fixed potential issues when using 'composer ...' in scripts and composer/composer was also required in the project * Fixed 1.10.0 regression when downloading GitHub archives from non-API URLs * Fixed handling of malformed info in fund command * Fixed Symfony5 compatibility issues in a few commands - Version 1.10.1 * Fixed path repository warning on empty path when using wildcards * Fixed superfluous warnings when generating optimized autoloaders - Version 1.10.0 * Breaking: composer global exec ... now executes the process in the current working directory instead of executing it in the global directory. * Warning: Added a warning when class names are being loaded by a PSR-4 or PSR-0 rule only due to classmap optimization, but would not otherwise be autoloadable. Composer 2.0 will stop autoloading these classes so make sure you fix your autoload configs. * Added new funding key to composer.json to describe ways your package's maintenance can be funded. This reads info from GitHub's FUNDING.yml by default so better configure it there so it shows on GitHub and Composer/Packagist * Added composer fund command to show funding info of your dependencies * Added bearer auth config to authenticate using Authorization: Bearer <token> headers * Added plugin-api-version in composer.lock so third-party tools can know which Composer version was used to generate a lock file * Added support for --format=json output for show command when showing a single package * Added support for configuring suggestions using config command, e.g. composer config suggest.foo/bar some text * Added support for configuring fine-grained preferred-install using config command, e.g. composer config preferred-install.foo/* dist * Added @putenv script handler to set environment variables from composer.json for following scripts * Added lock option that can be set to false, in which case no composer.lock file will be generated * Added --add-repository flag to create-project command which will persist the repo given in --repository into the composer.json of the package being installed * Fixed issue where --no-dev autoload generation was excluding some packages which should not have been excluded * Added support for IPv6 addresses in NO_PROXY * Added package homepage display in the show command * Added debug info about HTTP authentications * Added Symfony 5 compatibility * Added --fixed flag to require command to make it use a fixed constraint instead of a ^x.y constraint when adding the requirement * Fixed exclude-from-classmap matching subsets of directories e.g. foo/ was excluding foobar/ * Fixed archive command to persist file permissions inside the zip files * Fixed init/require command to avoid suggesting packages which are already selected in the search results * Fixed create-project UX issues * Fixed filemtime for vendor/composer/* files is now only changing when the files actually change * Fixed issues detecting docker environment with an active open_basedir - Version 1.9.3 * Fixed GitHub deprecation of access_token query parameter, now using Authorization header - Version 1.9.2 * Fixed minor git driver bugs * Fixed schema validation for version field to allow dev-* versions too * Fixed external processes' output being formatted even though it should not * Fixed issue with path repositories when trying to install feature branches - Version 1.9.1 * Fixed various credential handling issues with gitlab and github * Fixed credentials being present in git remotes in Composer cache and vendor directory when not using SSH keys * Fixed composer why not listing replacers as a reason something is present * Fixed various PHP 7.4 compatibility issues * Fixed root warnings always present in Docker containers, setting COMPOSER_ALLOW_SUPERUSER is not necessary anymore * Fixed GitHub access tokens leaking into debug-verbosity output * Fixed several edge case issues detecting GitHub, Bitbucket and GitLab repository types * Fixed Composer asking if you want to use a composer.json in a parent directory when ran in non-interactive mode * Fixed classmap autoloading issue finding classes located within a few non-PHP context blocks (?>...<?php) - Version 1.9.0 * Added a --no-cache flag available on all commands to run with the cache disabled * Added PHP_BINARY as env var pointing to the PHP process when executing Composer scripts as shell scripts * Added a use-github-api config option which can set the no-api flag on all GitHub VCS repositories declared * Added a static helper you can preprend to a script to avoid process timeouts, 'Composer\\Config::disableProcessTimeout' * Added Event::getOriginatingEvent to retrieve an event's original event when a script handler forwards to another one * Added support for autoloading directly from a phar file * Fixed loading order of plugins to always initialize them in order of dependencies * Fixed various network-mount related issues * Fixed --ignore-platform-reqs not ignoring conflict rules against platform packages - Version 1.8.6 * Fixed handling of backslash-escapes handling in compoesr.json when using the require command * Fixed create-project not following classmap-authoritative and apcu-autoloader config values * Fixed HHVM version warning showing up in some cases when it was not in use Important SUSE bug 1185376 SUSE bug 1187416 CVE-2021-29472 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1171685 CVE-2020-12825 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Upstream bug fixes (bsc#1027519) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1027519 SUSE bug 1189632 CVE-2021-28701 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium 93.0.4577.63 (boo#1190096): * CVE-2021-30606: Use after free in Blink * CVE-2021-30607: Use after free in Permissions * CVE-2021-30608: Use after free in Web Share * CVE-2021-30609: Use after free in Sign-In * CVE-2021-30610: Use after free in Extensions API * CVE-2021-30611: Use after free in WebRTC * CVE-2021-30612: Use after free in WebRTC * CVE-2021-30613: Use after free in Base internals * CVE-2021-30614: Heap buffer overflow in TabStrip * CVE-2021-30615: Cross-origin data leak in Navigation * CVE-2021-30616: Use after free in Media * CVE-2021-30617: Policy bypass in Blink * CVE-2021-30618: Inappropriate implementation in DevTools * CVE-2021-30619: UI Spoofing in Autofill * CVE-2021-30620: Insufficient policy enforcement in Blink * CVE-2021-30621: UI Spoofing in Autofill * CVE-2021-30622: Use after free in WebApp Installs * CVE-2021-30623: Use after free in Bookmarks * CVE-2021-30624: Use after free in Autofill Chromium 93.0.4577.82 (boo#1190476): * CVE-2021-30625: Use after free in Selection API * CVE-2021-30626: Out of bounds memory access in ANGLE * CVE-2021-30627: Type Confusion in Blink layout * CVE-2021-30628: Stack buffer overflow in ANGLE * CVE-2021-30629: Use after free in Permissions * CVE-2021-30630: Inappropriate implementation in Blink * CVE-2021-30631: Type Confusion in Blink layout * CVE-2021-30632: Out of bounds write in V8 * CVE-2021-30633: Use after free in Indexed DB API Important SUSE bug 1190096 SUSE bug 1190476 CVE-2021-30606 CVE-2021-30607 CVE-2021-30608 CVE-2021-30609 CVE-2021-30610 CVE-2021-30611 CVE-2021-30612 CVE-2021-30613 CVE-2021-30614 CVE-2021-30615 CVE-2021-30616 CVE-2021-30617 CVE-2021-30618 CVE-2021-30619 CVE-2021-30620 CVE-2021-30621 CVE-2021-30622 CVE-2021-30623 CVE-2021-30624 CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30629 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for grafana-piechart-panel fixes the following issues: - CVE-2020-13429: Fixed XSS via the Values Header option in the piechart-panel (bsc#1172125). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1172125 CVE-2020-13429 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: opera was updated to version 79.0.4143.22 - CHR-8550 Update chromium on desktop-stable-93-4143 to 93.0.4577.58 - CHR-8557 Update chromium on desktop-stable-93-4143 to 93.0.4577.63 - DNA-94641 [Linux] Proprietary media codecs not working in snap builds - DNA-95076 [Linux] Page crash with media content - DNA-95084 [Mac] Cannot quit through menu with snapshot editor open - DNA-95138 Add setting to synchronize Pinboards - DNA-95157 Crash at -[OperaCrApplication sendEvent:] - DNA-95204 Opera 79 translations - DNA-95240 The pinboard thumbnail cannot be generated anymore - DNA-95278 Existing Pinboards might be missing - DNA-95292 Enable #bookmarks-trash-cleaner on all streams - DNA-95293 Enable #easy-files-downloads-folder on all streams - DNA-95383 Promote O79 to stable - Complete Opera 79.0 changelog at: https://blogs.opera.com/desktop/changelog-for-79/ - The update to chromium 93.0.4577.58 fixes following issues: CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609, CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE-2021-30613, CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021-30617, CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621, CVE-2021-30622, CVE-2021-30623, CVE-2021-30624 Important CVE-2021-30606 CVE-2021-30607 CVE-2021-30608 CVE-2021-30609 CVE-2021-30610 CVE-2021-30611 CVE-2021-30612 CVE-2021-30613 CVE-2021-30614 CVE-2021-30615 CVE-2021-30616 CVE-2021-30617 CVE-2021-30618 CVE-2021-30619 CVE-2021-30620 CVE-2021-30621 CVE-2021-30622 CVE-2021-30623 CVE-2021-30624 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for grilo fixes the following issues: - CVE-2021-39365: Fixed missing TLS certificate verification (bsc#1189839). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1189839 CVE-2021-39365 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs14 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881). - CVE-2021-22931: Fixed improper handling of untypical characters in domain names (bsc#1189370). - CVE-2021-22940: Use after free on close http2 on stream canceling (bsc#1189368) - CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (bsc#1189369) - CVE-2021-22930: Fixed use after free on close http2 on stream canceling (bsc#1188917). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1188881 SUSE bug 1188917 SUSE bug 1189368 SUSE bug 1189369 SUSE bug 1189370 CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-22940 CVE-2021-3672 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for hivex fixes the following issues: - CVE-2021-3622: Fixed stack overflow due to recursive call of _get_children() (bsc#1189060). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1189060 CVE-2021-3622 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for haproxy fixes the following issues: - CVE-2021-40346: Fixed request smuggling vulnerability in HTX (bsc#1189877). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1189877 CVE-2021-40346 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: Opera was updated to version 79.0.4143.50 - CHR-8571 Update chromium on desktop-stable-93-4143 to 93.0.4577.82 - DNA-94104 ContinueShoppingOnEbayBrowserTest.ShouldDisplayOffers TilesStartingWithMostActiveOnes fails - DNA-94894 [Rich Hint] Agent API permissions - DNA-94989 Wrong color and appearance of subpages in the settings - DNA-95241 “Switch to tab” button is visible only on hover - DNA-95286 Add unit tests to pinboard sync related logic in browser - DNA-95372 [Mac retina screen] Snapshot doesnt capture cropped area - DNA-95526 Some webstore extensions are not verified properly - The update to chromium 93.0.4577.82 fixes following issues: CVE-2021-30625, CVE-2021-30626, CVE-2021-30627, CVE-2021-30628, CVE-2021-30629, CVE-2021-30630, CVE-2021-30631, CVE-2021-30632, CVE-2021-30633 Important CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30629 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for rabbitmq-server fixes the following issues: - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in management UI (bsc#1187818). - CVE-2021-32719: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in federation management plugin (bsc#1187819). - CVE-2021-22116: Fixed improper input validation may lead to DoS (bsc#1186203). - Use /run instead of /var/run in tmpfiles.d configuration (bsc#1185075). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1185075 SUSE bug 1186203 SUSE bug 1187818 SUSE bug 1187819 CVE-2021-22116 CVE-2021-32718 CVE-2021-32719 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mupdf fixes the following issues: - CVE-2020-19609: Fixed heap-based buffer overflow in tiff_expand_colormap() when parsing TIFF files (boo#1190176) - CVE-2020-16600: Fixed use-after-free when a valid page was followed by a page with invalid pixmap dimensions (boo#1190175) Important SUSE bug 1190175 SUSE bug 1190176 CVE-2020-16600 CVE-2020-19609 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.16 fixes the following issues: - Update to go 1.16.8 - CVE-2021-39293: Fixed a buffer overflow issue in preallocation check that can cause OOM panic. (bas#) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1182345 SUSE bug 1190589 CVE-2021-39293 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 nodejs8 was updated to fix the following security issues: - CVE-2021-22930: http2: fixes use after free on close in stream canceling (bsc#1188917) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1188917 CVE-2021-22930 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mbedtls fixes the following issues: * CVE-2021-24119: Fixed side-channel vulnerability in base64 PEM [boo#1189589] Guard against strong local side channel attack against base64 tables by making access aceess to them use constant flow code. Moderate SUSE bug 1189589 CVE-2021-24119 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for git fixes the following issues: - CVE-2021-40330: Fixed unexpected cross-protocol requests via newline character in git_connect_git repository path (bsc#1189992). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1189992 CVE-2021-40330 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium 94.0.4606.81 (boo#1191463): * CVE-2021-37977: Use after free in Garbage Collection * CVE-2021-37978: Heap buffer overflow in Blink * CVE-2021-37979: Heap buffer overflow in WebRTC * CVE-2021-37980: Inappropriate implementation in Sandbox Chromium 94.0.4606.54 (boo#1190765): * CVE-2021-37956: Use after free in Offline use * CVE-2021-37957: Use after free in WebGPU * CVE-2021-37958: Inappropriate implementation in Navigation * CVE-2021-37959: Use after free in Task Manager * CVE-2021-37960: Inappropriate implementation in Blink graphics * CVE-2021-37961: Use after free in Tab Strip * CVE-2021-37962: Use after free in Performance Manager * CVE-2021-37963: Side-channel information leakage in DevTools * CVE-2021-37964: Inappropriate implementation in ChromeOS Networking * CVE-2021-37965: Inappropriate implementation in Background Fetch API * CVE-2021-37966: Inappropriate implementation in Compositing * CVE-2021-37967: Inappropriate implementation in Background Fetch API * CVE-2021-37968: Inappropriate implementation in Background Fetch API * CVE-2021-37969: Inappropriate implementation in Google Updater * CVE-2021-37970: Use after free in File System API * CVE-2021-37971: Incorrect security UI in Web Browser UI * CVE-2021-37972: Out of bounds read in libjpeg-turbo Chromium 94.0.4606.61 (boo#1191166): * CVE-2021-37973: Use after free in Portals Chromium 94.0.4606.71 (boo#1191204): * CVE-2021-37974 : Use after free in Safe Browsing * CVE-2021-37975 : Use after free in V8 * CVE-2021-37976 : Information leak in core Important SUSE bug 1190765 SUSE bug 1191166 SUSE bug 1191204 SUSE bug 1191463 CVE-2021-37956 CVE-2021-37957 CVE-2021-37958 CVE-2021-37959 CVE-2021-37960 CVE-2021-37961 CVE-2021-37962 CVE-2021-37963 CVE-2021-37964 CVE-2021-37965 CVE-2021-37966 CVE-2021-37967 CVE-2021-37968 CVE-2021-37969 CVE-2021-37970 CVE-2021-37971 CVE-2021-37972 CVE-2021-37973 CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-3702: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic (bnc#1191193). - CVE-2021-3669: Fixed a denial of service to replace costly bailout check in sysvipc_find_ipc() (bsc#1159886 bsc#1188986). - CVE-2021-3752: Fixed a use-after-free uaf bug in bluetooth (bsc#1190023). - CVE-2021-40490: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel (bnc#1190159) - CVE-2021-3744, CVE-2021-3764: Fixed some resource leaks in the ccp driver ccp_run_aes_gcm_cmd() (bsc#1189884 bsc#1190534). The following non-security bugs were fixed: - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - apparmor: remove duplicate macro list_entry_is_head() (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes). - ath9k: fix sleeping in atomic context (git-fixes). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt: count Tx drops (git-fixes). - bnxt: disable napi before canceling DIM (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt_en: Add missing DMA memory barriers (git-fixes). - bnxt_en: Disable aRFS if running on 212 firmware (git-fixes). - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes). - bnxt_en: Store the running firmware version code (git-fixes). - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes). - console: consume APC, DM, DCS (git-fixes). - cuse: fix broken release (bsc#1190596). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353). - dmaengine: ioat: depends on !UML (git-fixes). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes). - docs: Fix infiniband uverbs minor number (git-fixes). - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes). - drm/amd/display: Fix timer_per_pixel unit error (git-fixes). - drm/amdgpu: Fix BUG_ON assert (git-fixes). - drm: avoid blocking in drm_clients_info's rcu section (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes). - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1152489). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489). - erofs: fix up erofs_lookup tracepoint (git-fixes). - fbmem: do not allow too huge resolutions (git-fixes). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes). - fpga: machxo2-spi: Return an error on failure (git-fixes). - fuse: flush extending writes (bsc#1190595). - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705). - genirq: add device_has_managed_msi_irq (bsc#1185762). - gpio: uniphier: Fix void functions to remove return value (git-fixes). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix firmware LLDP agent related warning (git-fixes). - i40e: Fix logic of disabling queues (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes). - i40e: Fix queue-to-TC mapping on Tx (git-fixes). - iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ice: Prevent probing virtual functions (git-fixes). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes). - include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes). - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: count csum_none when offload enabled (bsc#1167773). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc/util.c: use binary search for max_idx (bsc#1159886). - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467). - ipvs: avoid expiring many connections from timer (bsc#1190467). - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467). - ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). - libata: fix ata_host_start() (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: dib8000: rewrite the init prbs logic (git-fixes). - media: imx258: Limit the max analogue gain to 480 (git-fixes). - media: imx258: Rectify mismatch of VTS value (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes). - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes). - mmc: core: Return correct emmc response in case of ioctl error (git-fixes). - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes). - mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785). - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes). - net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5: Fix return value from tracer initialization (git-fixes). - net/mlx5: Unload device upon firmware fatal error (git-fixes). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - nfp: update ethtool reporting of pauseframe control (git-fixes). - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746). - NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746). - NFS: pass cred explicitly for access tests (bsc#1190746). - nvme: avoid race in shutdown namespace removal (bsc#1188067). - nvme: fix refcounting imbalance when all paths are down (bsc#1188067). - parport: remove non-zero check on count (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes). - PCI: Add AMD GPU multi-function power dependencies (git-fixes). - PCI: ibmphp: Fix double unmap of io_mem (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes). - PCI: pci-bridge-emul: Fix big-endian support (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). - PM: base: power: do not try to use non-existing RTC for storing data (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - pwm: img: Do not modify HW state in .remove() callback (git-fixes). - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes). - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes). - regmap: fix page selection for noinc reads (git-fixes). - regmap: fix page selection for noinc writes (git-fixes). - regmap: fix the offset of register error log (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746). - rpm: Abolish scritplet templating (bsc#1189841). - rtc: rx8010: select REGMAP_I2C (git-fixes). - rtc: tps65910: Correct driver module alias (git-fixes). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - USB: serial: option: add device id for Foxconn T99W265 (git-fixes). - USB: serial: option: add Telit LN920 compositions (git-fixes). - USB: serial: option: remove duplicate USB device ID (git-fixes). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). - x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489). - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489). - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). Important SUSE bug 1065729 SUSE bug 1148868 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1159886 SUSE bug 1167773 SUSE bug 1170774 SUSE bug 1173746 SUSE bug 1176940 SUSE bug 1184439 SUSE bug 1184804 SUSE bug 1185302 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185762 SUSE bug 1187167 SUSE bug 1188067 SUSE bug 1188651 SUSE bug 1188986 SUSE bug 1189297 SUSE bug 1189841 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190062 SUSE bug 1190115 SUSE bug 1190159 SUSE bug 1190358 SUSE bug 1190406 SUSE bug 1190467 SUSE bug 1190523 SUSE bug 1190534 SUSE bug 1190543 SUSE bug 1190576 SUSE bug 1190595 SUSE bug 1190596 SUSE bug 1190598 SUSE bug 1190620 SUSE bug 1190626 SUSE bug 1190679 SUSE bug 1190705 SUSE bug 1190717 SUSE bug 1190746 SUSE bug 1190758 SUSE bug 1190784 SUSE bug 1190785 SUSE bug 1191172 SUSE bug 1191193 SUSE bug 1191240 SUSE bug 1191292 CVE-2020-3702 CVE-2021-3669 CVE-2021-3744 CVE-2021-3752 CVE-2021-3764 CVE-2021-40490 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: opera was updated to version 80.0.4170.16 Fixes: - CHR-8590 Update chromium on desktop-stable-94-4170 to 94.0.4606.61 - DNA-95347 Make InstallerStep::Run async - DNA-95420 First suggestion in address field is often not highlighted - DNA-95613 Browser closing itself after closing SD/first tab and last opened tab - DNA-95725 Promote O80 to stable - DNA-95781 Import fixes for CVE-2021-37975, CVE-2021-37976 and CVE-2021-37974 to desktop-stable-94-4170 - Complete Opera 80.0 changelog at: https://blogs.opera.com/desktop/changelog-for-80/ - Drop Provides/Obsoletes for opera-gtk and opera-kde4 opera-gtk and opera-kde4 were last used in openSUSE 13.1 Opera was updated to version 79.0.4143.72 Fixes: - DNA-94933 Add emoji panel to address bar - DNA-95210 Add emoji YAT address bar suggestions - DNA-95221 Emoji button stuck in address bar - DNA-95325 Make y.at navigations to be reported with page_views events - DNA-95327 Add “Emojis” context menu option in address bar field - DNA-95339 Add YAT emoji url suggestion to search? dialog - DNA-95364 Add browser feature flag - DNA-95416 Remove emoji button from address bar - DNA-95439 Enable #yat-emoji-addresses on developer stream - DNA-95441 [Mac big sur] Emoji are not shown in address bar url - DNA-95445 Crash when removing unsynced pinboard bookmark with sync enabled - DNA-95512 Allow to show title and timer for simple banners - DNA-95516 Wrong label in settings for themes - DNA-95679 Temporarily disable AB test for a new autoupdater logic Important CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libaom fixes the following issues: - CVE-2021-30474: Fixed use-after-free in aom_dsp/grain_table.c (bsc#1186799). This update was imported from the SUSE:SLE-15-SP2:Update update project. Low SUSE bug 1186799 CVE-2021-30474 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223). - CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240). - CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244). - CVE-2020-27750: Fixed a division by zero in MagickCore/colorspace-private.h (bsc#1179260). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27756: Fixed a division by zero at MagickCore/geometry.c (bsc#1179221). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27758: Fixed an outside the range of representable values of type 'unsigned long long' (bsc#1179276). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285). - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). - CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362). - CVE-2020-29599: Fixed a shell command injection in -authenticate (bsc#1179753). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1179103 SUSE bug 1179202 SUSE bug 1179208 SUSE bug 1179212 SUSE bug 1179221 SUSE bug 1179223 SUSE bug 1179240 SUSE bug 1179244 SUSE bug 1179260 SUSE bug 1179268 SUSE bug 1179269 SUSE bug 1179276 SUSE bug 1179278 SUSE bug 1179281 SUSE bug 1179285 SUSE bug 1179311 SUSE bug 1179312 SUSE bug 1179313 SUSE bug 1179315 SUSE bug 1179317 SUSE bug 1179321 SUSE bug 1179322 SUSE bug 1179327 SUSE bug 1179333 SUSE bug 1179336 SUSE bug 1179338 SUSE bug 1179339 SUSE bug 1179343 SUSE bug 1179345 SUSE bug 1179346 SUSE bug 1179347 SUSE bug 1179361 SUSE bug 1179362 SUSE bug 1179397 SUSE bug 1179753 CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27750 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27756 CVE-2020-27757 CVE-2020-27758 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 CVE-2020-29599 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986) The following non-security bugs were fixed: - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - apparmor: remove duplicate macro list_entry_is_head() (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes). - ath9k: fix sleeping in atomic context (git-fixes). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt_en: Add missing DMA memory barriers (git-fixes). - bnxt_en: Disable aRFS if running on 212 firmware (git-fixes). - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes). - bnxt_en: Store the running firmware version code (git-fixes). - bnxt: count Tx drops (git-fixes). - bnxt: disable napi before canceling DIM (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes). - console: consume APC, DM, DCS (git-fixes). - cuse: fix broken release (bsc#1190596). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353). - dmaengine: ioat: depends on !UML (git-fixes). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes). - docs: Fix infiniband uverbs minor number (git-fixes). - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes). - drm: avoid blocking in drm_clients_info's rcu section (git-fixes). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes). - drm/amd/display: Fix timer_per_pixel unit error (git-fixes). - drm/amdgpu: Fix BUG_ON assert (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes). - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1152489). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489). - erofs: fix up erofs_lookup tracepoint (git-fixes). - fbmem: do not allow too huge resolutions (git-fixes). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes). - fpga: machxo2-spi: Return an error on failure (git-fixes). - fuse: flush extending writes (bsc#1190595). - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705). - genirq: add device_has_managed_msi_irq (bsc#1185762). - gpio: uniphier: Fix void functions to remove return value (git-fixes). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix firmware LLDP agent related warning (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes). - i40e: Fix logic of disabling queues (git-fixes). - i40e: Fix queue-to-TC mapping on Tx (git-fixes). - iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ice: Prevent probing virtual functions (git-fixes). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes). - include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes). - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: count csum_none when offload enabled (bsc#1167773). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc/util.c: use binary search for max_idx (bsc#1159886). - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467). - ipvs: avoid expiring many connections from timer (bsc#1190467). - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467). - ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - libata: fix ata_host_start() (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: dib8000: rewrite the init prbs logic (git-fixes). - media: imx258: Limit the max analogue gain to 480 (git-fixes). - media: imx258: Rectify mismatch of VTS value (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes). - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785). - mmc: core: Return correct emmc response in case of ioctl error (git-fixes). - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes). - mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5: Fix return value from tracer initialization (git-fixes). - net/mlx5: Unload device upon firmware fatal error (git-fixes). - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes). - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062). - nfp: update ethtool reporting of pauseframe control (git-fixes). - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746). - NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746). - NFS: pass cred explicitly for access tests (bsc#1190746). - nvme: avoid race in shutdown namespace removal (bsc#1188067). - nvme: fix refcounting imbalance when all paths are down (bsc#1188067). - parport: remove non-zero check on count (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes). - PCI: Add AMD GPU multi-function power dependencies (git-fixes). - PCI: ibmphp: Fix double unmap of io_mem (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes). - PCI: pci-bridge-emul: Fix big-endian support (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). - PM: base: power: do not try to use non-existing RTC for storing data (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - pwm: img: Do not modify HW state in .remove() callback (git-fixes). - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes). - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes). - regmap: fix page selection for noinc reads (git-fixes). - regmap: fix page selection for noinc writes (git-fixes). - regmap: fix the offset of register error log (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746). - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rtc: rx8010: select REGMAP_I2C (git-fixes). - rtc: tps65910: Correct driver module alias (git-fixes). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - usb: serial: option: add device id for Foxconn T99W265 (git-fixes). - usb: serial: option: add Telit LN920 compositions (git-fixes). - usb: serial: option: remove duplicate USB device ID (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). - x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489). - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489). - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1065729 SUSE bug 1148868 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1159886 SUSE bug 1167773 SUSE bug 1170774 SUSE bug 1173746 SUSE bug 1176940 SUSE bug 1184439 SUSE bug 1184804 SUSE bug 1185302 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185762 SUSE bug 1187167 SUSE bug 1188067 SUSE bug 1188651 SUSE bug 1188986 SUSE bug 1189297 SUSE bug 1189841 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190062 SUSE bug 1190115 SUSE bug 1190159 SUSE bug 1190358 SUSE bug 1190406 SUSE bug 1190432 SUSE bug 1190467 SUSE bug 1190523 SUSE bug 1190534 SUSE bug 1190543 SUSE bug 1190576 SUSE bug 1190595 SUSE bug 1190596 SUSE bug 1190598 SUSE bug 1190620 SUSE bug 1190626 SUSE bug 1190679 SUSE bug 1190705 SUSE bug 1190717 SUSE bug 1190746 SUSE bug 1190758 SUSE bug 1190784 SUSE bug 1190785 SUSE bug 1191172 SUSE bug 1191193 SUSE bug 1191240 SUSE bug 1191292 CVE-2020-3702 CVE-2021-3669 CVE-2021-3744 CVE-2021-3752 CVE-2021-3764 CVE-2021-40490 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for rpm fixes the following issues: Security issues fixed: - CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632) - PGP hardening changes (bsc#1185299) - Fixed potential access of freed mem in ndb's glue code (bsc#1179416) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1179416 SUSE bug 1183543 SUSE bug 1183545 SUSE bug 1183632 SUSE bug 1183659 SUSE bug 1185299 SUSE bug 1187670 SUSE bug 1188548 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.2.0 ESR. Firefox Extended Support Release 91.2.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-45 (bsc#1191332) * CVE-2021-38496: Use-after-free in MessageTask * CVE-2021-38497: Validation message could have been overlaid on another origin * CVE-2021-38498: Use-after-free of nsLanguageAtomService object * CVE-2021-32810: Data race in crossbeam-deque https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw) * CVE-2021-38500 (bmo#1725854, bmo#1728321) Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176) Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 - Fixed crash in FIPS mode (bsc#1190710) * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox Extended Support Release 91.0.1 ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 SUSE bug 1190710 SUSE bug 1191332 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-32810 CVE-2021-38492 CVE-2021-38495 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.4 - CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701) - CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1188697 SUSE bug 1190701 CVE-2021-21806 CVE-2021-30858 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063). - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018). - Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353). - Rules weren't applied to dm devices (multipath) (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234). - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291). - Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1134353 SUSE bug 1171962 SUSE bug 1184994 SUSE bug 1188018 SUSE bug 1188063 SUSE bug 1188291 SUSE bug 1188713 SUSE bug 1189480 SUSE bug 1190234 CVE-2021-33910 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libqt5-qtsvg fixes the following issues: - CVE-2021-3481: Fixed an out of bounds read in function QRadialFetchSimd from crafted svg file. (bsc#1184783) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1184783 CVE-2021-3481 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for glibc fixes the following issues: - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1186489 SUSE bug 1187911 CVE-2021-33574 CVE-2021-35942 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ssh-audit fixes the following issues: ssh-audit was updated to version 2.5.0 * Fixed crash when running host key tests. * Handles server connection failures more gracefully. * Now prints JSON with indents when -jj is used (useful for debugging). * Added MD5 fingerprints to verbose output. * Added -d/--debug option for getting debugging output. * Updated JSON output to include MD5 fingerprints. Note that this results in a breaking change in the 'fingerprints' dictionary format. * Updated OpenSSH 8.1 (and earlier) policies to include rsa-sha2-512 and rsa-sha2-256. * Added OpenSSH v8.6 & v8.7 policies. * Added 3 new key exchanges: + gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q== + gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q== + gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q== * Added 3 new MACs: + hmac-ripemd160-96 + AEAD_AES_128_GCM + AEAD_AES_256_GCM Update to version 2.4.0 * Added multi-threaded scanning support. * Added version check for OpenSSH user enumeration (CVE-2018-15473). * Added deprecation note to host key types based on SHA-1. * Added extra warnings for SSHv1. * Added built-in hardened OpenSSH v8.5 policy. * Upgraded warnings to failures for host key types based on SHA-1 * Fixed crash when receiving unexpected response during host key test. * Fixed hang against older Cisco devices during host key test & gex test. * Fixed improper termination while scanning multiple targets when one target returns an error. * Dropped support for Python 3.5 (which reached EOL in Sept.2020) * Added 1 new key exchange: sntrup761x25519-sha512@openssh.com. Update to version 2.3.1 * Now parses public key sizes for rsa-sha2-256-cert-v01@openssh.com and rsa-sha2-512-cert-v01@openssh.com host key types. * Flag ssh-rsa-cert-v01@openssh.com as a failure due to SHA-1 hash. * Fixed bug in recommendation output which suppressed some algorithms inappropriately. * Built-in policies now include CA key requirements (if certificates are in use). * Lookup function (--lookup) now performs case-insensitive lookups of similar algorithms. * Migrated pre-made policies from external files to internal database. * Split single 3,500 line script into many files (by class). * Added setup.py support * Added 1 new cipher: des-cbc@ssh.com. Update to version 2.3.0 The highlight of this release is support for policy scanning (this allows an admin to test a server against a hardened/standard configuration). * Added new policy auditing functionality to test adherence to a hardening guide/standard configuration (see -L/--list-policies, -M/--make-policy and -P/--policy). * Created new man page (see ssh-audit.1 file). * 1024-bit moduli upgraded from warnings to failures. * Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments. * Added feature to look up algorithms in internal database (see --lookup) * Suppress recommendation of token host key types. * Added check for use-after-free vulnerability in PuTTY v0.73. * Added 11 new host key types: ssh-rsa1, ssh-dss-sha256@ssh.com, ssh-gost2001, ssh-gost2012-256, ssh-gost2012-512, spki-sign-rsa, ssh-ed448, x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521, x509v3-rsa2048-sha256. * Added 8 new key exchanges: diffie-hellman-group1-sha256, kexAlgoCurve25519SHA256, Curve25519SHA256, gss-group14-sha256-, gss-group15-sha512-, gss-group16-sha512-, gss-nistp256-sha256-, gss-curve25519-sha256-. * Added 5 new ciphers: blowfish, AEAD_AES_128_GCM, AEAD_AES_256_GCM, crypticore128@ssh.com, seed-cbc@ssh.com. * Added 3 new MACs: chacha20-poly1305@openssh.com, hmac-sha3-224, crypticore-mac@ssh.com. - Update ssh-audit.keyring Moderate CVE-2018-15473 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1190373 SUSE bug 1190374 CVE-2021-22946 CVE-2021-22947 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: - Update to version 73.0.3856.344 - CHR-8265 Update chromium on desktop-stable-87-3856 to 87.0.4280.141 - DNA-90625 [Mac] Crash at opera::TabView:: GetPaintData(opera::TabState) const - DNA-90735 Crash at opera::BrowserSidebarModel::GetItemVisible (opera::BrowserSidebarItem const*) const - DNA-90780 Crash at extensions::CommandService::GetExtension ActionCommand(std::__1::basic_string const&, extensions:: ActionInfo::Type, extensions::CommandService::QueryType, extensions::Command*, bool*) - DNA-90821 Crash at opera::BrowserSidebarController:: Action(opera::BrowserSidebarItem const*, opera::BrowserSidebarItemContentView*) - The update to chromium 87.0.4280.141 fixes following issues: CVE-2021-21106, CVE-2021-21107, CVE-2021-21108, CVE-2021-21109, CVE-2021-21110, CVE-2021-21111, CVE-2021-21112, CVE-2021-21113, CVE-2020-16043, CVE-2021-21114, CVE-2020-15995, CVE-2021-21115, CVE-2021-21116 - Update to version 73.0.3856.329 - DNA-89156 Crash at content::RenderViewHostImpl::OnFocus() - DNA-89731 [Mac] Bookmarks bar overlaps Babe section when hovering the OMenu - DNA-90189 Music service portal logotypes are blurred on Win - DNA-90336 add session data schema - DNA-90399 Address bar dropdown suggestions overlap each other - DNA-90520 Crash at absl::raw_logging_internal::RawLog(absl:: LogSeverity, char const*, int, char const*, …) - DNA-90538 Crash at extensions::CommandService:: GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*) - DNA-90600 Don’t report workspace visibility, when functionality is disabled. - DNA-90665 Collect music service statistics WP2 - DNA-90773 Bad translation from english to spanish in UI - DNA-90789 Crash at opera::ThumbnailHelper::RunNextRequest() Moderate CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium 95.0.4638.54 (boo#1191844): * CVE-2021-37981: Heap buffer overflow in Skia * CVE-2021-37982: Use after free in Incognito * CVE-2021-37983: Use after free in Dev Tools * CVE-2021-37984: Heap buffer overflow in PDFium * CVE-2021-37985: Use after free in V8 * CVE-2021-37986: Heap buffer overflow in Settings * CVE-2021-37987: Use after free in Network APIs * CVE-2021-37988: Use after free in Profiles * CVE-2021-37989: Inappropriate implementation in Blink * CVE-2021-37990: Inappropriate implementation in WebView * CVE-2021-37991: Race in V8 * CVE-2021-37992: Out of bounds read in WebAudio * CVE-2021-37993: Use after free in PDF Accessibility * CVE-2021-37996: Insufficient validation of untrusted input in Downloads * CVE-2021-37994: Inappropriate implementation in iFrame Sandbox * CVE-2021-37995: Inappropriate implementation in WebApp Installer Important SUSE bug 1191844 CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for strongswan fixes the following issues: A feature was added: - Add auth_els plugin to support Marvell FC-SP encryption (jsc#SLE-20151) Security issues fixed: - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435) - CVE-2021-41990: Fixed an integer Overflow in the gmp Plugin. (bsc#1191367) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1191367 SUSE bug 1191435 CVE-2021-41990 CVE-2021-41991 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xstream fixes the following issues: xstream was updated to version 1.4.15. - CVE-2020-26217: Fixed a remote code execution due to insecure XML deserialization when relying on blocklists (bsc#1180994). - CVE-2020-26258: Fixed a server-side request forgery vulnerability (bsc#1180146). - CVE-2020-26259: Fixed an arbitrary file deletion vulnerability (bsc#1180145). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1180145 SUSE bug 1180146 SUSE bug 1180994 CVE-2020-26217 CVE-2020-26258 CVE-2020-26259 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for flatpak fixes the following issues: - Update to version 1.10.5: - CVE-2021-41133: Fixed a bug that could lead to sandbox bypass via recent VFS-manipulating syscalls. (bsc#1191507) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1191507 CVE-2021-41133 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xstream fixes the following issues: - Upgrade to 1.4.18 - CVE-2021-39139: Fixed an issue that allowed an attacker to execute arbitrary code execution by manipulating the processed input stream with type information. (bsc#1189798) - CVE-2021-39140: Fixed an issue that allowed an attacker to execute a DoS attack by manipulating the processed input stream. (bsc#1189798) - CVE-2021-39141: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39144: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39145: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39146: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39147: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39148: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39149: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39150: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. (bsc#1189798) - CVE-2021-39151: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39152: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. (bsc#1189798) - CVE-2021-39153: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39154: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1189798 CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-Pygments fixes the following issues: - CVE-2021-20270: Fixed an infinite loop in the SML lexer (bsc#1183169). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1183169 CVE-2021-20270 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for virtualbox fixes the following issues: Version bump to 6.1.28 (released October 19 2021 by Oracle) This is a maintenance release. The following items were fixed and/or added: - VMM: Fixed guru meditation while booting nested-guests accessing debug registers under certain conditions - UI: Bug fixes for touchpad-based scrolling - VMSVGA: Fixed VM black screen issue on first resize after restoring from saved state (bug #20067) - VMSVGA: Fixed display corruption on Linux Mint (bug #20513) - Storage: Fixed a possible write error under certain circumstances when using VHD images (bug #20512) - Network: Multiple updates in virtio-net device support - Network: Disconnecting cable in saved VM state now is handled properly by virtio-net - Network: More administrative control over network ranges, see user manual - NAT: Fixed not rejecting TFTP requests with absolute pathnames (bug #20589) - Audio: Fixed VM session aborting after PC hibernation (bug #20516) - Audio: Fixed setting the line-in volume of the HDA emulation on modern Linux guests - Audio: Fixed resuming playback of the AC'97 emulation while a snapshot has been taken - API: Added bindings support for Python 3.9 (bug #20252) - API: Fixed rare hang of VM when changing settings at runtime - Linux host: Improved kernel modules installation detection which prevents unnecessary modules rebuild - Host Services: Shared Clipboard: Prevent guest clipboard reset when clipboard sharing is disabled (bug #20487) - Host Services: Shared Clipboard over VRDP: Fixed to continue working when guest service reconnects to host (bug #20366) - Host Services: Shared Clipboard over VRDP: Fixed preventing remote RDP client to hang when guest has no clipboard data to report - Linux Host and Guest: Introduced initial support for kernels 5.14 and 5.15 - Linux Host and Guest: Introduced initial support for RHEL 8.5 kernel - Windows Guest: Introduced Windows 11 guest support, including unattended installation - Fixes CVE-2021-35538, CVE-2021-35545, CVE-2021-35540, CVE-2021-35542, and CVE-2021-2475 (boo#1191869) - Use kernel_module_directory macro for kernel modules (boo#1191526) - Finish UsrMerge for VirtualBox components (boo#1191104). Important SUSE bug 1191104 SUSE bug 1191526 SUSE bug 1191869 CVE-2021-2475 CVE-2021-35538 CVE-2021-35540 CVE-2021-35542 CVE-2021-35545 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.9-ce. (bsc#1191355) See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103 container was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355 - CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282) - Install systemd service file as well (bsc#1190826) Update to runc v1.0.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.2 * Fixed a failure to set CPU quota period in some cases on cgroup v1. * Fixed the inability to start a container with the 'adding seccomp filter rule for syscall ...' error, caused by redundant seccomp rules (i.e. those that has action equal to the default one). Such redundant rules are now skipped. * Made release builds reproducible from now on. * Fixed a rare debug log race in runc init, which can result in occasional harmful 'failed to decode ...' errors from runc run or exec. * Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working. Update to runc v1.0.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.1 * Fixed occasional runc exec/run failure ('interrupted system call') on an Azure volume. * Fixed 'unable to find groups ... token too long' error with /etc/group containing lines longer than 64K characters. * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes). * cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely. * cgroup/systemd/v2: don't freeze cgroup on Set. * cgroup/systemd/v1: avoid unnecessary freeze on Set. - fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704 Update to runc v1.0.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0 ! The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations). * cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers). * cgroupv2: correctly convert 'number of IOs' statistics in a cgroupv1-compatible way. * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures. * cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen. * cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94 * cgroups/systemd: fixed returning 'unit already exists' error from a systemd cgroup manager (regression in rc94) + cgroupv2: support SkipDevices with systemd driver + cgroup/systemd: return, not ignore, stop unit error from Destroy + Make 'runc --version' output sane even when built with go get or otherwise outside of our build scripts. + cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update). + cgroup1: blkio: support BFQ weights. + cgroupv2: set per-device io weights if BFQ IO scheduler is available. Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95 This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). (bsc#1185405) Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94 Breaking Changes: * cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls. Regression Fixes: * seccomp: fix 32-bit compilation errors * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code * runc start: fix 'chdir to cwd: permission denied' for some setups This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1102408 SUSE bug 1185405 SUSE bug 1187704 SUSE bug 1188282 SUSE bug 1190826 SUSE bug 1191015 SUSE bug 1191121 SUSE bug 1191334 SUSE bug 1191355 SUSE bug 1191434 CVE-2021-30465 CVE-2021-32760 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for busybox fixes the following issues: - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522). - CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426). - CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data() (bsc#1099260). - CVE-2011-5325: Fixed a directory traversal related to 'tar' command (bsc#951562). - CVE-2018-1000500: Fixed missing SSL certificate validation related to the 'wget' command (bsc#1099263). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1099260 SUSE bug 1099263 SUSE bug 1121426 SUSE bug 1184522 SUSE bug 951562 CVE-2011-5325 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2021-28831 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1189929 CVE-2021-37750 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for fetchmail fixes the following issues: - CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. (bsc#1190069) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1190069 CVE-2021-39272 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1190793 CVE-2021-39537 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1189241 SUSE bug 1189287 CVE-2021-3733 CVE-2021-3737 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for squid fixes the following issues: Update to version 4.17: - CVE-2021-28116: Fixed a out-of-bounds read in the WCCP protocol (bsc#1189403). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1189403 CVE-2021-28116 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.16 fixes the following issues: Update to go1.16.9 - CVE-2021-38297: misc/wasm, cmd/link: do not let command line args overwrite global data (bsc#1191468) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1182345 SUSE bug 1191468 CVE-2021-38297 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for civetweb fixes the following issues: Version 1.15: * boo#1191938 / CVE-2020-27304: missing uploaded filepath validation in the default form-based file upload mechanism * New configuration for URL decoding * Sanitize filenames in handle form * Example “embedded_c.c”: Do not overwrite files (possible security issue) * Remove obsolete examples * Remove “experimental” label for some features * Remove MG_LEGACY_INTERFACE that have been declared obsolete in 2017 or earlier * Modifications to build scripts, required due to changes in the test environment * Unix domain socket support fixed * Fixes for NO_SSL_DL * Fixes for some warnings / static code analysis Version 1.14: * Change SSL default setting to use TLS 1.2 as minimum (set config if you need an earlier version) * Add local_uri_raw field (not sanitized URI) to request_info * Additional API functions and a callback after closing connections * Allow mbedTLS as OpenSSL alternative (basic functionality) * Add OpenSSL 3.0 support (OpenSSL 3.0 Alpha 13) * Support UNIX/Linux domain sockets * Fuzz tests and ossfuzz integration * Compression for websockets * Restructure some source files * Improve documentation * Fix HTTP range requests * Add some functions for Lua scripts/LSP * Build system specific fixes (CMake, MinGW) * Update 3rd party components (Lua, lfs, sqlite) * Allow Lua background script to use timers, format and filter logs * Remove WinCE code * Update version number Version 1.13: * Add arguments for CGI interpreters * Support multiple CGi interpreters * Buffering HTTP response headers, including API functions mg_response_header_* in C and Lua * Additional C API functions * Fix some memory leaks * Extended use of atomic operations (e.g., for server stats) * Add fuzz tests * Set OpenSSL 1.1 API as default (from 1.0) * Add Lua 5.4 support and deprecate Lua 5.1 * Provide additional Lua API functions * Fix Lua websocket memory leak when closing the server * Remove obsolete 'file in memory' implementation * Improvements and fixes in documentation * Fixes from static source code analysis * Additional unit tests * Various small bug fixes * Experimental support for some HTTP2 features (not ready for production) * Experimental support for websocket compression * Remove legacy interfaces declared obsolete since more than 3 years Version 1.12 * See https://github.com/civetweb/civetweb/releases/tag/v1.12 for detailed changelog Moderate SUSE bug 1191938 CVE-2020-27304 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for wireguard-tools fixes the following issues: - Removed world-readable permissions from /etc/wireguard (bsc#1191224) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1191224 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for dnsmasq fixes the following issues: Update to version 2.86 - CVE-2021-3448: fixed outgoing port used when --server is used with an interface name. (bsc#1183709) - CVE-2020-14312: Set --local-service by default (bsc#1173646). - Open inotify socket only when used (bsc#1180914). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1173646 SUSE bug 1180914 SUSE bug 1183709 CVE-2020-14312 CVE-2021-3448 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: Opera was updated to version 80.0.4170.63 - CHR-8612 Update chromium on desktop-stable-94-4170 to 94.0.4606.81 - DNA-95434 Crash at opera::ThemesService::UpdateCurrentTheme() - The update to chromium 94.0.4606.81 fixes following issues: CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980 Opera was updated to version 80.0.4170.40 - CHR-8598 Update chromium on desktop-stable-94-4170 to 94.0.4606.71 - DNA-95221 Emoji button stuck in address bar - DNA-95325 Make y.at navigations to be reported with page_views events - DNA-95327 Add “Emojis” context menu option in address bar field - DNA-95339 Add YAT emoji url suggestion to search? dialog - DNA-95416 Remove emoji button from address bar - DNA-95439 Enable #yat-emoji-addresses on developer stream - DNA-95441 [Mac big sur] Emoji are not shown in address bar url - DNA-95514 Crash at resource_coordinator::TabLifecycleUnitSource ::TabLifecycleUnit::OnLifecycleUnitStateChanged(mojom:: LifecycleUnitState, mojom::LifecycleUnitStateChangeReason) - DNA-95746 Enable #reader-mode everywhere - DNA-95865 Numbers are recognized as emojis - DNA-95866 Change Yat text in selection popup - DNA-95867 Show that buttons are clickable in selection popup - The update to chromium 94.0.4606.71 fixes following issues: CVE-2021-37974, CVE-2021-37975, CVE-2021-37976 Important CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mailman fixes the following issues: Update to 2.1.35 to fix 2 security issues: - A potential for for a list member to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. CVE-2021-42096 (boo#1191959, LP:#1947639) - A CSRF attack via the user options page could allow takeover of a users account. This is fixed. CVE-2021-42097 (boo#1191960, LP:#1947640) - make package build reproducible (boo#1047218) Important SUSE bug 1047218 SUSE bug 1191959 SUSE bug 1191960 CVE-2021-42096 CVE-2021-42097 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for apache2 fixes the following issues: - CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703) - CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. (bsc#1190702) - CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666) - CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1190666 SUSE bug 1190669 SUSE bug 1190702 SUSE bug 1190703 CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-40438 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021) - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c. - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c. - bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c. - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c. - bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c. - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c. - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c. - bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1189325 SUSE bug 1189343 SUSE bug 1189345 SUSE bug 1189346 SUSE bug 1190607 SUSE bug 1190611 SUSE bug 1190612 SUSE bug 1190615 SUSE bug 1190616 SUSE bug 1190617 SUSE bug 1190618 SUSE bug 1192019 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2020-21680 CVE-2020-21681 CVE-2020-21682 CVE-2020-21683 CVE-2021-32280 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for hawk2 fixes the following issues: hawk2 was updated to version 2.4.0+git.1611141202.2fe6369e. Security issue fixed: - Fixed another possible code execution vulnerability in the controller code (bsc#1179998). This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1179998 CVE-2020-35458 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for util-linux fixes the following issues: Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921). - agetty: Fix 8-bit processing in get_logname() (bsc#1125886). - mount: Fix 'mount' output for net file systems (bsc#1122417). - ipcs: Avoid overflows (bsc#1178236) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1122417 SUSE bug 1125886 SUSE bug 1178236 SUSE bug 1188921 CVE-2021-37600 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1172973 SUSE bug 1172974 CVE-2019-20838 CVE-2020-14155 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for salt fixes the following issues: - Support querying for JSON data in external sql pillar. - Exclude the full path of a download URL to prevent injection of malicious code. (bsc#1190265, CVE-2021-21996) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1190265 CVE-2021-21996 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libvirt fixes the following issues: - CVE-2021-3667: Fixed a DoS vulnerability in the libvirt virStoragePoolLookupByTargetPath API. (bsc#1188843) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1177902 SUSE bug 1186398 SUSE bug 1188232 SUSE bug 1188843 SUSE bug 1190420 SUSE bug 1190693 SUSE bug 1190695 CVE-2021-3667 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for webkit2gtk3 fixes the following issues: - CVE-2021-42762: Updated seccomp rules with latest changes from flatpak (bsc#1191937). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1191937 CVE-2021-42762 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-1_8_0-openj9 fixes the following issues: Update to OpenJDK 8u312 build 07 with OpenJ9 0.29.0 virtual machine including Oracle July 2021 and October 2021 CPU changes - CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder on Windows (bsc#1185056). - CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055). - CVE-2021-2341: Fixed flaw inside the FtpClient (bsc#1188564). - CVE-2021-2369: Fixed JAR file handling problem containing multiple MANIFEST.MF files (bsc#1188565). - CVE-2021-2388: Fixed flaw inside the Hotspot component performed range check elimination (bsc#1188566). - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901). - CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910). - CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911). - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912). - CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913). - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909). - CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903). - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904). - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914). - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1185055 SUSE bug 1185056 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188566 SUSE bug 1191901 SUSE bug 1191903 SUSE bug 1191904 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-2161 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. NOTE: This update was retracted due to a NFS regression. The following security bugs were fixed: - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416 bnc#1129735). - CVE-2021-33033: The Linux kernel had a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1188876). - CVE-2021-34556: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack (bnc#1188983). - CVE-2021-35477: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation did not necessarily occur before a store operation that has an attacker-controlled value (bnc#1188985). - CVE-2021-3655: Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563 bnc#1192267). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-3772: Invalid chunks may be used to remotely remove existing associations (bsc#1190351). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-41864: prealloc_elems_and_freelist in kernel/bpf/stackmap.c allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c had a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315). - CVE-2021-42252: An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c where local attackers were able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes (bnc#1190479). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673 bnc#1192036). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-43056: It allowed a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values (bnc#1192107). The following non-security bugs were fixed: - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros (git-fixes). - Add cherry-picked commit id to the usb hso fix (git-fixes) - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - gpio: pca953x: Improve bias setting (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - gve: fix gve_get_stats() (git-fixes). - gve: Properly handle errors in gve_assign_qpl (bsc#1176940). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - i40e: Fix ATR queue selection (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes). - iavf: fix double unlock of crit_lock (git-fixes). - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - mlx5: count all link events (git-fixes). - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353). - net: batman-adv: fix error handling (git-fixes). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes). - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464). - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - nvme: add command id quirk for apple controllers (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Update timeout value in comment (git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - rpm: use _rpmmacrodir (boo#1191384) - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). Important SUSE bug 1065729 SUSE bug 1085030 SUSE bug 1100416 SUSE bug 1129735 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1157177 SUSE bug 1167773 SUSE bug 1172073 SUSE bug 1173604 SUSE bug 1176940 SUSE bug 1184673 SUSE bug 1185762 SUSE bug 1186109 SUSE bug 1187167 SUSE bug 1188563 SUSE bug 1188876 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189841 SUSE bug 1190006 SUSE bug 1190067 SUSE bug 1190349 SUSE bug 1190351 SUSE bug 1190479 SUSE bug 1190620 SUSE bug 1190642 SUSE bug 1190795 SUSE bug 1190941 SUSE bug 1191229 SUSE bug 1191238 SUSE bug 1191241 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191343 SUSE bug 1191349 SUSE bug 1191384 SUSE bug 1191449 SUSE bug 1191450 SUSE bug 1191451 SUSE bug 1191452 SUSE bug 1191455 SUSE bug 1191456 SUSE bug 1191628 SUSE bug 1191731 SUSE bug 1191800 SUSE bug 1191934 SUSE bug 1191958 SUSE bug 1192036 SUSE bug 1192040 SUSE bug 1192041 SUSE bug 1192107 SUSE bug 1192145 SUSE bug 1192267 CVE-2018-13405 CVE-2021-33033 CVE-2021-34556 CVE-2021-3542 CVE-2021-35477 CVE-2021-3655 CVE-2021-3715 CVE-2021-3760 CVE-2021-3772 CVE-2021-3896 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-42739 CVE-2021-43056 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702) - CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938) Non-security issues fixed: - Add transfer length item in block limits page of scsi vpd (bsc#1190425) - Fix qemu crash while deleting xen-block (bsc#1189234) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1189234 SUSE bug 1189702 SUSE bug 1189938 SUSE bug 1190425 CVE-2021-3713 CVE-2021-3748 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium 95.0.4638.69 (boo#1192184): * CVE-2021-37997: Use after free in Sign-In * CVE-2021-37998: Use after free in Garbage Collection * CVE-2021-37999: Insufficient data validation in New Tab Page * CVE-2021-38000: Insufficient validation of untrusted input in Intents * CVE-2021-38001: Type Confusion in V8 * CVE-2021-38002: Use after free in Web Transport * CVE-2021-38003: Inappropriate implementation in V8 Important SUSE bug 1192184 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for rubygem-activerecord-5_1 fixes the following issues: - CVE-2021-22880: Fixed possible DoS vector in PostgreSQL money type (bsc#1182169). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1182169 CVE-2021-22880 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1014440 SUSE bug 1192214 SUSE bug 1192284 CVE-2016-2124 CVE-2020-25717 CVE-2021-23192 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tinyxml fixes the following issues: - CVE-2021-42260: Fixed an infinite loop for inputs containing the sequence 0xEF0x00 (bsc#1191576) This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1191576 CVE-2021-42260 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for binutils fixes the following issues: Update to binutils 2.37: * The GNU Binutils sources now requires a C99 compiler and library to build. * Support for Realm Management Extension (RME) for AArch64 has been added. * A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations. * A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections. * A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options. * The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16. * A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else. * A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools. * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols. * Readelf and objdump can now display and use the contents of .debug_sup sections. * Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option. The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed. If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files. If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow di0pslay options to applied to both the main file and any separate debuginfo files. * Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic. Update to binutils 2.36: New features in the Assembler: - General: * When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name. * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active. * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can be expand and shrink automatically. - X86/x86_64: * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions. * Support non-absolute segment values for lcall and ljmp. * Add {disp16} pseudo prefix to x86 assembler. * Configure with --enable-x86-used-note by default for Linux/x86. - ARM/AArch64: * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores. * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers. * Add support for Armv8-R and Armv8.7-A ISA extensions. * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7. * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64. * Add support for +flagm feature for -march in Armv8.4 AArch64. * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature. * Add support for +pauth (Pointer Authentication) feature for -march in AArch64. New features in the Linker: * Add --error-handling-script=<NAME> command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no. * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed. * Add -z unique-symbol to avoid duplicated local symbol names. * The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics. * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output. * The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs. New features in other binary tools: * The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time. * Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option. * Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=<style>, --no-demangle, --recurse-limit and --no-recurse-limit options are also now availale. Other fixes: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO (bsc#1188941). - Fix empty man-pages from broken release tarball - Fixed a memory corruption with rpath option (bsc#1191473). - Fixed slow performance of stripping some binaries (bsc#1183909). The following security fixes are addressed by the update: - CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452). - CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511). - CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620). - CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794). - CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898). - CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899). - CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900). - CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901). - CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902). - CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903) - CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451). - CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454). - CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461). - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519) Moderate SUSE bug 1179898 SUSE bug 1179899 SUSE bug 1179900 SUSE bug 1179901 SUSE bug 1179902 SUSE bug 1179903 SUSE bug 1180451 SUSE bug 1180454 SUSE bug 1180461 SUSE bug 1181452 SUSE bug 1182252 SUSE bug 1183511 SUSE bug 1183909 SUSE bug 1184519 SUSE bug 1184620 SUSE bug 1184794 SUSE bug 1188941 SUSE bug 1191473 SUSE bug 1192267 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-20294 CVE-2021-3487 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416 bnc#1129735). - CVE-2021-33033: The Linux kernel had a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1188876). - CVE-2021-34556: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack (bnc#1188983). - CVE-2021-35477: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation did not necessarily occur before a store operation that has an attacker-controlled value (bnc#1188985). - CVE-2021-3655: Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563 bnc#1192267). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-3772: Invalid chunks may be used to remotely remove existing associations (bsc#1190351). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-41864: prealloc_elems_and_freelist in kernel/bpf/stackmap.c allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c had a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315). - CVE-2021-42252: An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c where local attackers were able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes (bnc#1190479). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673 bnc#1192036). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-43056: It allowed a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values (bnc#1192107). The following non-security bugs were fixed: - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros (git-fixes). - Add cherry-picked commit id to the usb hso fix (git-fixes) - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - gpio: pca953x: Improve bias setting (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - gve: fix gve_get_stats() (git-fixes). - gve: Properly handle errors in gve_assign_qpl (bsc#1176940). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - i40e: Fix ATR queue selection (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes). - iavf: fix double unlock of crit_lock (git-fixes). - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - mlx5: count all link events (git-fixes). - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353). - net: batman-adv: fix error handling (git-fixes). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes). - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464). - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nfs: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself. (bsc#1191628 bsc#1192549). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - nvme: add command id quirk for apple controllers (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Update timeout value in comment (git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - rpm: use _rpmmacrodir (boo#1191384) - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). Important SUSE bug 1065729 SUSE bug 1085030 SUSE bug 1100416 SUSE bug 1129735 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1157177 SUSE bug 1167773 SUSE bug 1172073 SUSE bug 1173604 SUSE bug 1176940 SUSE bug 1184673 SUSE bug 1185762 SUSE bug 1186109 SUSE bug 1187167 SUSE bug 1188563 SUSE bug 1188876 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189841 SUSE bug 1190006 SUSE bug 1190067 SUSE bug 1190349 SUSE bug 1190351 SUSE bug 1190479 SUSE bug 1190620 SUSE bug 1190642 SUSE bug 1190795 SUSE bug 1190941 SUSE bug 1191229 SUSE bug 1191238 SUSE bug 1191241 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191343 SUSE bug 1191349 SUSE bug 1191384 SUSE bug 1191449 SUSE bug 1191450 SUSE bug 1191451 SUSE bug 1191452 SUSE bug 1191455 SUSE bug 1191456 SUSE bug 1191628 SUSE bug 1191731 SUSE bug 1191800 SUSE bug 1191934 SUSE bug 1191958 SUSE bug 1192036 SUSE bug 1192040 SUSE bug 1192041 SUSE bug 1192107 SUSE bug 1192145 SUSE bug 1192267 SUSE bug 1192549 CVE-2018-13405 CVE-2021-33033 CVE-2021-34556 CVE-2021-3542 CVE-2021-35477 CVE-2021-3655 CVE-2021-3715 CVE-2021-3760 CVE-2021-3772 CVE-2021-3896 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-42739 CVE-2021-43056 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-11-openjdk fixes the following issues: Update to 11.0.13+8 (October 2021 CPU) - CVE-2021-35550, bsc#1191901: Update the default enabled cipher suites preference - CVE-2021-35565, bsc#1191909: com.sun.net.HttpsServer spins on TLS session close - CVE-2021-35556, bsc#1191910: Richer Text Editors - CVE-2021-35559, bsc#1191911: Enhanced style for RTF kit - CVE-2021-35561, bsc#1191912: Better hashing support - CVE-2021-35564, bsc#1191913: Improve Keystore integrity - CVE-2021-35567, bsc#1191903: More Constrained Delegation - CVE-2021-35578, bsc#1191904: Improve TLS client handshaking - CVE-2021-35586, bsc#1191914: Better BMP support - CVE-2021-35603, bsc#1191906: Better session identification - Improve Stream handling for SSL - Improve requests of certificates - Correct certificate requests - Enhance DTLS client handshake This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1191901 SUSE bug 1191903 SUSE bug 1191904 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: Opera was updated to version 81.0.4196.31 - DNA-95733 Implement the “Manage” menu in card details view - DNA-95736 Update UI for paused card - DNA-95791 Crash at base::operator< - DNA-95794 Sometimes the sidebar UI fails to load - DNA-95812 Retrieve cards info when showing autofill - DNA-96035 Cannot create virtual card on Sandbox environment - DNA-96147 “Buy” button does not work - DNA-96168 Update contributors list - DNA-96211 Enable #fast-tab-tooltip on all streams - DNA-96231 Promote O81 to stable - Complete Opera 80.1 changelog at: https://blogs.opera.com/desktop/changelog-for-81/ Update to version 81.0.4196.27 - CHR-8623 Update chromium on desktop-stable-95-4196 to 95.0.4638.54 - DNA-92384 Better segmenting of hint users - DNA-95523 Allow sorting in multi-card view - DNA-95659 Flow of Lastcard on first login - DNA-95735 Implement the button that reveals full card details - DNA-95747 Better way to handle expired funding card - DNA-95949 [Mac Retina] Clicking active tab should scroll to the top - DNA-95993 Update icon used for Yat in address bar dropdown - DNA-96021 Cleared download item view is never deleted - DNA-96036 Occupation field in 'Account – Edit' is shown twice - DNA-96127 Upgrade plan button does nothing - DNA-96138 'Add Card' button does not change to 'Upgrade Plan' after adding card - The update to chromium 95.0.4638.54 fixes following issues: CVE-2021-37981, CVE-2021-37982, CVE-2021-37983, CVE-2021-37984, CVE-2021-37985, CVE-2021-37986, CVE-2021-37987, CVE-2021-37988, CVE-2021-37989, CVE-2021-37990, CVE-2021-37991, CVE-2021-37992, CVE-2021-37993, CVE-2021-37994, CVE-2021-37995, CVE-2021-37996 Update to version 80.0.4170.72 - DNA-95522 Change card view to show all types of cards - DNA-95523 Allow sorting in multi-card view - DNA-95524 Allow searching for cards by name - DNA-95658 Allow user to add a card - DNA-95659 Flow of Lastcard on first login - DNA-95660 Implement editing card details - DNA-95699 Add card details view - DNA-95733 Implement the “Manage” menu in card details view - DNA-95735 Implement the button that reveals full card details - DNA-95736 Update UI for paused card - DNA-95747 Better way to handle expired funding card - DNA-95794 Sometimes the sidebar UI fails to load - DNA-95812 Retrieve cards info when showing autofill - DNA-96036 Occupation field in ‘Account – Edit’ is shown twice - DNA-96127 Upgrade plan button does nothing - DNA-96138 “Add Card” button does not change to “Upgrade Plan” after adding card Important CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tomcat fixes the following issues: - CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279). - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278). - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1188278 SUSE bug 1188279 SUSE bug 1190558 CVE-2021-30640 CVE-2021-33037 CVE-2021-41079 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for barrier fixes the following issues: Updated to version 2.4.0: Barrier now supports client identity verification (fixes CVE-2021-42072, CVE-2021-42073). Previously a malicious client could connect to Barrier server without any authentication and send application-level messages. This made the attack surface of Barrier significantly larger. Additionally, in case the malicious client got possession of a valid screen name by brute forcing or other means it could modify the clipboard contents of the server. To support seamless upgrades from older versions of Barrier this is currently disabled by default. The feature can be enabled in the settings dialog. If enabled, older clients of Barrier will be rejected. Barrier now uses SHA256 fingerprints for establishing security of encrypted SSL connections. After upgrading client to new version the existing server fingerprint will need to be approved again. Client and server will show both SHA1 and SHA256 server fingerprints to allow interoperability with older versions of Barrier. Bugfixes: * Fixed build failure on mips*el and riscv64 architecture. * Barrier no longer uses openssl CLI tool for any operations and hooks into the openssl library directly. * More X11 clipboard MIME types have been mapped to corresponding converters (#344). * Fixed setup of multiple actions associated with a hotkey. * Fixed setup of hotkeys with special characters such as comma and semicolon (#778). * Fixed transfer of non-ASCII characters coming from a Windows server in certain cases (#527). * Barrier will now regenerate server certificate if it's invalid instead of failing to launch (#802) * Added support for additional keys on Sun Microsystems USB keyboards (#784). * Updated Chinese translation. * Updated Slovak translation. * Theme icons are now preferred to icons distributed together with Barrier (#471). Features: * Added --drop-target option that improves drag and drop support on Windows when Barrier is being run as a portable app. * The --enable-crypto command line option has been made the default to reduce chances of accidental security mishaps when configuring Barrier from command line. A new --disable-crypto command line option has been added to explicitly disable encryption. * Added support for randomart images for easier comparison of SSL certificate fingerprints. The algorithm is identical to what OpenSSH uses. * Implemented a configuration option for Server GUI auto-start. * Made it possible to use keyboard instead of mouse to modify screen layout. * Added support for keyboard backlight media keys * Added support for Eisu_toggle and Muhenkan keys * Added --profile-dir option that allows to select custom profile directory. submitted upstream at https://github.com/symless/synergy-core/pull/6261 * Bug #4749 - Clipboard thread race condition causes assertion * Bug #4720 - Plugin download shows 'Could not get Linux package * Bug #4712 - Unable to send clipboard with size above 1KB when * Bug #4690 - Log line 'activeDesktop' does not use logging * Enhancement #4901 - Auto restart when running from GUI in * Bug #4650 - SSL error log message repeats excessively and * Bug #4601 - Large clipboard data with SSL causes 'protocol is * Bug #4593 - Locking Windows server causes SSL_ERROR_SSL to * Bug #4538 - Windows service crashes intermittently with no * Bug #4566 - Client or server crashes with 'ssl handshake * Bug #4706 - Installer is not output to build config dir * Bug #4704 - Plugin 'ns' release build is overwritten with * Bug #4697 - Timing can allow an SSL socket to be used after * Enhancement #4661 - Log error but do not crash when failing * Enhancement #4708 - Download ns plugin for specific Mac * Enhancement #4587 - Include OpenSSL binaries in source for * Enhancement #4695 - Automatically upload plugins as Moderate CVE-2021-42072 CVE-2021-42073 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gdk-pixbuf fixes the following issues: - CVE-2020-29385: Fixed an infinite loop in lzw.c in the function write_indexes (bsc#1180393). - Fixed an integer underflow in the GIF loader (bsc#1174307). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1174307 SUSE bug 1180393 CVE-2020-29385 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-1_8_0-openjdk fixes the following issues: Update to version OpenJDK 8u312 (October 2021 CPU): - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901). - CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910). - CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911). - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912). - CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913). - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909). - CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903). - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904). - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914). - CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905) - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1191901 SUSE bug 1191903 SUSE bug 1191904 SUSE bug 1191905 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Fix potential race in tail call compatibility check (git-fixes). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then. - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - firmware/psci: fix application of sizeof to pointer (git-fixes). - Fix problem with missing installkernel on Tumbleweed. - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - fuse: fix page stealing (bsc#1192718). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - kABI: Fix kABI after 36950f2da1ea (bsc#1191851). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021). - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021). - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - memstick: avoid out-of-range warning (git-fixes). - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - nvme-pci: set min_align_mask (bsc#1191851). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510). - Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes). - Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes). - Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes). - Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - rsi: fix control-message timeout (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - swiotlb: add a IO_TLB_SIZE define (bsc#1191851). - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851). - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851). - swiotlb: factor out an io_tlb_offset helper (bsc#1191851). - swiotlb: factor out a nr_slots helper (bsc#1191851). - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851). - swiotlb: respect min_align_mask (bsc#1191851). - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - usb: gadget: hid: fix error code in do_config() (git-fixes). - USB: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - USB: serial: keyspan: fix memleak on probe errors (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - virtio-gpu: fix possible memory allocation failure (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - x86/ioapic: Force affinity setup before startup (bsc#1152489). - x86/msi: Force affinity setup before startup (bsc#1152489). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen: Fix implicit type conversion (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xfs: do not allow log writes if the data device is readonly (bsc#1192229). Important SUSE bug 1094840 SUSE bug 1133021 SUSE bug 1152489 SUSE bug 1169263 SUSE bug 1170269 SUSE bug 1188601 SUSE bug 1190523 SUSE bug 1190795 SUSE bug 1191790 SUSE bug 1191851 SUSE bug 1191958 SUSE bug 1191961 SUSE bug 1191980 SUSE bug 1192045 SUSE bug 1192229 SUSE bug 1192267 SUSE bug 1192273 SUSE bug 1192328 SUSE bug 1192718 SUSE bug 1192740 SUSE bug 1192745 SUSE bug 1192750 SUSE bug 1192753 SUSE bug 1192781 SUSE bug 1192802 SUSE bug 1192896 SUSE bug 1192906 SUSE bug 1192918 CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981 CVE-2021-37159 CVE-2021-43389 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for bind fixes the following issues: - CVE-2021-25219: Fixed lame cache that could have been abused to severely degrade resolver performance (bsc#1192146). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1192146 CVE-2021-25219 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for netcdf fixes the following issues: - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006, CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200, CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485, CVE-2021-31229, CVE-2021-31347, CVE-2021-31348, CVE-2021-31598 (bsc#1191856) Note: * CVE-2021-26220 https://sourceforge.net/p/ezxml/bugs/23 not relevant for netcdf: code isn't used. * CVE-2019-20005 https://sourceforge.net/p/ezxml/bugs/14 Issue cannot be reproduced and no patch is available upstream. This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1191856 CVE-2019-20005 CVE-2019-20006 CVE-2019-20007 CVE-2019-20198 CVE-2019-20199 CVE-2019-20200 CVE-2019-20201 CVE-2019-20202 CVE-2021-26220 CVE-2021-26221 CVE-2021-26222 CVE-2021-30485 CVE-2021-31229 CVE-2021-31347 CVE-2021-31348 CVE-2021-31598 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tor fixes the following issues: tor 0.4.6.8: * Improving reporting of general overload state for DNS timeout errors by relays * Regenerate fallback directories for October 2021 * Bug fixes for onion services * CVE-2021-22929: do not log v2 onion services access attempt warnings on disk excessively (TROVE-2021-008, boo#1192658) Moderate SUSE bug 1192658 CVE-2021-22929 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-autobahn fixes the following issue: - CVE-2020-35678: Fixed a redirect header injection (boo#1180570). This update was imported from the openSUSE:Leap:15.1:Update update project. Moderate SUSE bug 1180570 CVE-2020-35678 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-Pygments fixes the following issues: - CVE-2021-27291: Fixed ReDoS via crafted malicious input (bsc#1184812). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1184812 CVE-2021-27291 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for wavpack fixes the following issues: - Update to version 5.4.0 * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) * fixed: disable A32 asm code when building for Apple silicon * fixed: issues with Adobe-style floating-point WAV files * added: --normalize-floats option to wvunpack for correctly exporting un-normalized floating-point files - Update to version 5.3.0 * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448 * fixed: trailing garbage characters on imported ID3v2 TXXX tags * fixed: various minor undefined behavior and memory access issues * fixed: sanitize tag extraction names for length and path inclusion * improved: reformat wvunpack 'help' and split into long + short versions * added: regression testing to Travis CI for OSS-Fuzz crashers - Updated to version 5.2.0 *fixed: potential security issues including the following CVEs: CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344), CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342), CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 and CVE-2019-1010319 * added: support for CMake, Travis CI, and Google's OSS-fuzz * fixed: use correction file for encode verify (pipe input, Windows) * fixed: correct WAV header with actual length (pipe input, -i option) * fixed: thumb interworking and not needing v6 architecture (ARM asm) * added: handle more ID3v2.3 tag items and from all file types * fixed: coredump on Sparc64 (changed MD5 implementation) * fixed: handle invalid ID3v2.3 tags from sacd-ripper * fixed: several corner-case memory leaks This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1091340 SUSE bug 1091341 SUSE bug 1091342 SUSE bug 1091343 SUSE bug 1091344 SUSE bug 1180414 CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841 CVE-2018-6767 CVE-2018-7253 CVE-2018-7254 CVE-2019-1010319 CVE-2019-11498 CVE-2020-35738 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1188160 SUSE bug 1188161 SUSE bug 1190375 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for hiredis fixes the following issues: - CVE-2021-32765: Fix integer/buffer (boo#1191331) Moderate SUSE bug 1191331 CVE-2021-32765 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openexr fixes the following issues: - CVE-2021-3941: Fixed divide-by-zero in Imf_3_1:RGBtoXYZ (bsc#1192556). - CVE-2021-3933: Fixed integer-overflow in Imf_3_1:bytesPerDeepLineTable (bsc#1192498). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1192498 SUSE bug 1192556 CVE-2021-3933 CVE-2021-3941 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for speex fixes the following issues: - CVE-2020-23903: Fixed zero division error in read_samples (bsc#1192580). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1192580 CVE-2020-23903 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.16 fixes the following issues: Security update go1.16.10 (released 2021-11-04) (bsc#1182345). - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377). - CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1182345 SUSE bug 1192377 SUSE bug 1192378 CVE-2021-41771 CVE-2021-41772 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Update to Xen 4.13.4 bug fix release (bsc#1027519). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1027519 SUSE bug 1191363 SUSE bug 1192554 SUSE bug 1192557 SUSE bug 1192559 CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1162581 SUSE bug 1174504 SUSE bug 1191563 SUSE bug 1192248 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs14 fixes the following issues: nodejs14 was updated to 14.18.1: * deps: update llhttp to 2.1.4 - HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960) Changes in 14.18.0: * buffer: + introduce Blob + add base64url encoding option * child_process: + allow options.cwd receive a URL + add timeout to spawn and fork + allow promisified exec to be cancel + add 'overlapped' stdio flag * dns: add 'tries' option to Resolve options * fs: + allow empty string for temp directory prefix + allow no-params fsPromises fileHandle read + add support for async iterators to fsPromises.writeFile * http2: add support for sensitive headers * process: add 'worker' event * tls: allow reading data into a static buffer * worker: add setEnvironmentData/getEnvironmentData Changes in 14.17.6 * deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1190053 SUSE bug 1190054 SUSE bug 1190055 SUSE bug 1190056 SUSE bug 1190057 SUSE bug 1191601 SUSE bug 1191602 CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-Babel fixes the following issues: - CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1185768 CVE-2021-42771 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for glib-networking fixes the following issues: Update to version 2.62.4: - CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1172460 CVE-2020-13645 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1193170 CVE-2021-43527 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for webkit2gtk3 fixes the following issues: - CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). - CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1192063 CVE-2021-30846 CVE-2021-30851 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1027496 SUSE bug 1183085 CVE-2016-10228 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for wireshark fixes the following issues: - Update to Wireshark 3.4.10: - CVE-2021-39920: IPPUSB dissector crash (bsc#1192830). - CVE-2021-39921: Modbus dissector crash (bsc#1192830). - CVE-2021-39922: C12.22 dissector crash (bsc#1192830). - CVE-2021-39924: Bluetooth DHT dissector large loop (bsc#1192830). - CVE-2021-39925: Bluetooth SDP dissector crash (bsc#1192830). - CVE-2021-39926: Bluetooth HCI_ISO dissector crash (bsc#1192830). - CVE-2021-39928: IEEE 802.11 dissector crash (bsc#1192830). - CVE-2021-39929: Bluetooth DHT dissector crash (bsc#1192830). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1192830 CVE-2021-39920 CVE-2021-39921 CVE-2021-39922 CVE-2021-39924 CVE-2021-39925 CVE-2021-39926 CVE-2021-39928 CVE-2021-39929 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1192717 CVE-2021-43618 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for php7 fixes the following issues: - CVE-2021-21703: Fixed local privilege escalation via PHP-FPM (bsc#1192050). - CVE-2021-21707: Fixed special character breaks path in xml parsing (bsc#1193041). - Added patch to prevent memory access violation in php7 when running test suite (bsc#1175508) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1175508 SUSE bug 1192050 SUSE bug 1193041 CVE-2021-21703 CVE-2021-21707 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for clamav fixes the following issues: - Update to 0.103.4 (bsc#1192346). - Update to 0.103.3 (bsc#1188284). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1188284 SUSE bug 1192346 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs12 fixes the following issues: - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaced in headers (bsc#1191601). - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602). - CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190057). - CVE-2021-37712: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190056). - CVE-2021-37713: Fixed arbitrary code execution and file creation and overwrite in nodejs-tar (bsc#1190055). - CVE-2021-39134: Fixed symling following vulnerability in nodejs-arborist (bsc#1190054). - CVE-2021-39135: Fixed symling following vulnerability in nodejs-arborist (bsc#1190053). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1190053 SUSE bug 1190054 SUSE bug 1190055 SUSE bug 1190056 SUSE bug 1190057 SUSE bug 1191601 SUSE bug 1191602 CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 (bsc#1193485): - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1193321 SUSE bug 1193485 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for log4j fixes the following issues: - CVE-2021-44228: Fix a remote code execution vulnerability that existed in the LDAP JNDI parser. [bsc#1193611, CVE-2021-44228] This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1193611 CVE-2021-44228 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ImageMagick fixes the following issues: - CVE-2021-20176: Fixed division by zero caused by processing crafted file (bsc#1181836). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1181836 CVE-2021-20176 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nim fixes the following issues: - CVE-2021-41259: Fixed vulnerability in URL parser that allowed a null byte bypass (boo#1192712) Moderate SUSE bug 1192712 CVE-2021-41259 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for log4j fixes the following issue: CVE-2021-44228: The previously published fix by upstream turned out to be incomplete. Therefore, upstream has recommended disabling JNDI support in log4j by default to be completely sure that this vulnerability cannot be exploited. This update implements that recommendation and disables JNDI support by default. [bsc#1193611, CVE-2021-44228] This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1193611 CVE-2021-44228 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1193030 CVE-2021-4008 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for fetchmail fixes the following issues: - CVE-2021-36386: Fixed DoS or information disclosure in some configurations (bsc#1188875). - CVE-2021-39272: Fixed STARTTLS session encryption bypassing (fetchmail-SA-2021-02) (bsc#1190069). - Update to 6.4.22 (bsc#1152964, jsc#SLE-18159, jsc#SLE-17903, jsc#SLE-18059) - Remove all python2 dependencies (bsc#1190896). - De-hardcode /usr/lib path for launch executable (bsc#1174075). - Added hardening to systemd service(s) (bsc#1181400). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1152964 SUSE bug 1174075 SUSE bug 1181400 SUSE bug 1188875 SUSE bug 1190069 SUSE bug 1190896 CVE-2021-36386 CVE-2021-39272 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1186819 CVE-2021-3572 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for stunnel fixes the following issues: Security issue fixed: - The 'redirect' option was fixed to properly handle 'verifyChain = yes' (bsc#1177580). Non-security issues fixed: - Fix startup problem of the stunnel daemon (bsc#1178533) - update to 5.57: * Security bugfixes * New features - New securityLevel configuration file option. - Support for modern PostgreSQL clients - TLS 1.3 configuration updated for better compatibility. * Bugfixes - Fixed a transfer() loop bug. - Fixed memory leaks on configuration reloading errors. - DH/ECDH initialization restored for client sections. - Delay startup with systemd until network is online. - A number of testing framework fixes and improvements. - update to 5.56: - Various text files converted to Markdown format. - Support for realpath(3) implementations incompatible with POSIX.1-2008, such as 4.4BSD or Solaris. - Support for engines without PRNG seeding methods (thx to Petr Mikhalitsyn). - Retry unsuccessful port binding on configuration file reload. - Thread safety fixes in SSL_SESSION object handling. - Terminate clients on exit in the FORK threading model. - Fixup stunnel.conf handling: * Remove old static openSUSE provided stunnel.conf. * Use upstream stunnel.conf and tailor it for openSUSE using sed. * Don't show README.openSUSE when installing. - enable /etc/stunnel/conf.d - re-enable openssl.cnf This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1177580 SUSE bug 1178533 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for log4j fixes the following issue: - Previously published fixes for log4jshell turned out to be incomplete. Upstream has followed up on the original patch for CVE-2021-44228 with several additional changes (LOG4J2-3198, LOG4J2-3201, LOG4J2-3208, and LOG4J2-3211) that are included in this update. Since the totality of those patches is pretty much equivalent to an update to the latest version of log4j, we did update the package's tarball from version 2.13.0 to 2.16.0 instead of trying to apply those patches to the old version. This change brings in a new dependency on 'jakarta-servlet' and a version update of 'disruptor'. [bsc#1193743, CVE-2021-45046] This update was imported from SUSE:SLE-15-SP2:Update. Important SUSE bug 1193743 CVE-2021-44228 CVE-2021-45046 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nextcloud fixes the following issues: Update to 20.0.14 Security issues fixed: * CVE-2021-41179: Fix boo#1192028 - (CWE-304): Two-Factor Authentication not enforced for pages marked as public * CVE-2021-41178: Fix boo#1192030 - (CWE-434): File Traversal affecting SVG files on Nextcloud Server * CVE-2021-41177: Fix boo#1192031 - (CWE-799): Rate-limits not working on instances without configured memory cache backend Changes: - Add command to repair broken filesystem trees (server#26630) - Ensure that user and group IDs in LDAP's tables are also max 64chars (server#28971) - Change output format of Psalm to Github (server#29048) - File-upload: Correctly handle error responses for HTTP2 (server#29069) - Allow 'TwoFactor Nextcloud Notifications' to pull the state of the 2F… (server#29072) - Add a few sensitive config keys (server#29085) - Fix path of file_get_contents (server#29095) - Update the certificate bundle (server#29098) - Keep pw based auth tokens valid when pw-less login happens (server#29131) - Properly handle folder deletion on external s3 storage (server#29158) - Tokens without password should not trigger changed password invalidation (server#29166) - Don't further setup disabled users when logging in with apache (server#29167) - Add 'supported'-label to all supported apps (server#29181) - 21] generate a better optimized query for path prefix search filters (server#29192) - Keep group restrictions when reenabling apps after an update (server#29198) - Add proper message to created share not found (server#29205) - Add documentation for files_no_background_scan (server#29219) - Don't setup the filesystem to check for a favicon we don't use anyway (server#29223) - Fix background scan doc in config (server#29253) - Get `filesize()` if `file_exists()` (server#29290) - Fix unable to login errors due to file system not being initialized (server#29291) - Update 3rdparty ref (server#29297) - Bump icewind/streams from 0.7.3 to 0.7.5 in files_external (server#29298) - Fix app upgrade (server#29303) - Avoid PHP errors when the LDAP attribute is not found (server#29314) - Fix security issues when copying groupfolder with advanced ACL (server#29366) - Scheduling plugin not updating responding attendee status (server#29387) - Make calendar schedule options translatable (server#29388) - Add whitelist for apps inside of the server repo (server#29396) - Handle files with `is_file` instead of `file_exists` (server#29417) - Fixes an undefined index when getAccessList returns an empty array (server#29421) - Extra fixes needed for icewind/streams update to 0.7.2 (server#29426) - Backport #29260: Respect user enumeration settings in user status lists (server#29429) - Implement local filtering in file list (server#29441) - Detect mimetype by content only with content (server#29457) - Update CRL (server#29505) - Update update-psalm-baseline workflow (server#29548) - Bump icewind/streams from 0.7.1 to 0.7.5 (3rdparty#855) - Bump version (files_pdfviewer#512) - Fix deleting notifications with numeric user ID (notifications#1090) - Add integration tests for push registration (notifications#1097) - Restore old device signature so the proxy works again (notifications#1105) - Bump vue and vue-template-compiler (photos#864) - Bump prosemirror-schema-list from 1.1.5 to 1.1.6 (text#1868) - Additional checks for workspace controller (text#1887) Important SUSE bug 1192028 SUSE bug 1192030 SUSE bug 1192031 CVE-2021-41177 CVE-2021-41178 CVE-2021-41179 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for log4j fixes the following issues: - Update to 2.17.0 - CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation. (bsc#1193887, bsc#1193888) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1193887 SUSE bug 1193888 CVE-2021-45105 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4010: The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190488) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1190487 SUSE bug 1190488 SUSE bug 1190489 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1180064 SUSE bug 1187993 CVE-2020-29361 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for log4j12 fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1193662 CVE-2021-4104 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for logback fixes the following issues: Upgrade to version 1.2.8 + In response to log4Shell/CVE-2021-44228, all JNDI lookup code in logback has been disabled until further notice. This impacts ContextJNDISelector and insertFromJNDI element in configuration files. + Also in response to log4Shell/CVE-2021-44228, all database (JDBC) related code in the project has been removed with no replacement. + Note that the vulnerability mentioned in LOGBACK-1591 requires write access to logback's configuration file as a prerequisite. The log4Shell/CVE-2021-44228 and LOGBACK-1591 are of different severity levels. A successful RCE requires all of the following conditions to be met: - write access to logback.xml - use of versions lower then 1.2.8 - reloading of poisoned configuration data, which implies application restart or scan='true' set prior to attack This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1193795 CVE-2021-44228 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mutt fixes the following issue: - CVE-2021-3181: Fixed a memory leak in recipient parsing (bsc#1181221). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1181221 CVE-2021-3181 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libaom fixes the following issues: - CVE-2020-36129: Fixed stack buffer overflow via the component src/aom_image.c (bsc#1193356). - CVE-2020-36131: Fixed stack buffer overflow via the component stats/rate_hist.c (bsc#1193365). - CVE-2020-36135: Fixed NULL pointer dereference via the component rate_hist.c (bsc#1193366). - CVE-2020-36130: Fixed NULL pointer dereference via the component av1/av1_dx_iface.c (bsc#1193369). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1193356 SUSE bug 1193365 SUSE bug 1193366 SUSE bug 1193369 CVE-2020-36129 CVE-2020-36130 CVE-2020-36131 CVE-2020-36135 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for runc fixes the following issues: Update to runc v1.0.3. * CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev in set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1193436 CVE-2021-43784 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.16 fixes the following issues: Updated to upstream version 1.16.12 to include security fixes to the compiler, syscall, runtime, the net/http, net/http/httptest, and time packages (bsc#1182345) - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598). - CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1182345 SUSE bug 1193597 SUSE bug 1193598 CVE-2021-44716 CVE-2021-44717 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium 96.0.4664.110 (boo#1193713): * CVE-2021-4098: Insufficient data validation in Mojo * CVE-2021-4099: Use after free in Swiftshader * CVE-2021-4100: Object lifecycle issue in ANGLE * CVE-2021-4101: Heap buffer overflow in Swiftshader * CVE-2021-4102: Use after free in V8 Lord of the Browsers: The Two Compilers: * Go back to GCC * GCC: LTO removes needed assembly symbols * Clang: issues with libstdc++ Chromium 96.0.4664.93 (boo#1193519): * CVE-2021-4052: Use after free in web apps * CVE-2021-4053: Use after free in UI * CVE-2021-4079: Out of bounds write in WebRTC * CVE-2021-4054: Incorrect security UI in autofill * CVE-2021-4078: Type confusion in V8 * CVE-2021-4055: Heap buffer overflow in extensions * CVE-2021-4056: Type Confusion in loader * CVE-2021-4057: Use after free in file API * CVE-2021-4058: Heap buffer overflow in ANGLE * CVE-2021-4059: Insufficient data validation in loader * CVE-2021-4061: Type Confusion in V8 * CVE-2021-4062: Heap buffer overflow in BFCache * CVE-2021-4063: Use after free in developer tools * CVE-2021-4064: Use after free in screen capture * CVE-2021-4065: Use after free in autofill * CVE-2021-4066: Integer underflow in ANGLE * CVE-2021-4067: Use after free in window manager * CVE-2021-4068: Insufficient validation of untrusted input in new tab page Chromium 96.0.4664.45 (boo#1192734): * CVE-2021-38007: Type Confusion in V8 * CVE-2021-38008: Use after free in media * CVE-2021-38009: Inappropriate implementation in cache * CVE-2021-38006: Use after free in storage foundation * CVE-2021-38005: Use after free in loader * CVE-2021-38010: Inappropriate implementation in service workers * CVE-2021-38011: Use after free in storage foundation * CVE-2021-38012: Type Confusion in V8 * CVE-2021-38013: Heap buffer overflow in fingerprint recognition * CVE-2021-38014: Out of bounds write in Swiftshader * CVE-2021-38015: Inappropriate implementation in input * CVE-2021-38016: Insufficient policy enforcement in background fetch * CVE-2021-38017: Insufficient policy enforcement in iframe sandbox * CVE-2021-38018: Inappropriate implementation in navigation * CVE-2021-38019: Insufficient policy enforcement in CORS * CVE-2021-38020: Insufficient policy enforcement in contacts picker * CVE-2021-38021: Inappropriate implementation in referrer * CVE-2021-38022: Inappropriate implementation in WebAuthentication Important SUSE bug 1192310 SUSE bug 1192734 SUSE bug 1193519 SUSE bug 1193713 CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022 CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4078 CVE-2021-4079 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird fixes the following issues: - Update to version 91.4 MFSA 2021-54 (bsc#1193485) - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - CVE-2021-43528: JavaScript unexpectedly enabled for the composition area - Update to version 91.3.2 - CVE-2021-40529: Fixed ElGamal implementation could allow plaintext recovery (bsc#1190244) - Update to version 91.3 MFSA 2021-50 (bsc#1192250) - CVE-2021-38503: Fixed iframe sandbox rules did not apply to XSLT stylesheets - CVE-2021-38504: Fixed use-after-free in file picker dialog - CVE-2021-38505: Fixed Windows 10 Cloud Clipboard may have recorded sensitive user data - CVE-2021-38506: Fixed Thunderbird could be coaxed into going into fullscreen mode without notification or warning - CVE-2021-38507: Fixed opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports - CVE-2021-38508: Fixed permission Prompt could be overlaid, resulting in user confusion and potential spoofing - CVE-2021-38509: Fixed Javascript alert box could have been spoofed onto an arbitrary domain - CVE-2021-38510: Fixed Download Protections were bypassed by .inetloc files on Mac OS - Fixed plain text reformatting regression (bsc#1182863) - Update to version 91.2 MFSA 2021-47 (bsc#1191332) - CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT - CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion - CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux - CVE-2021-32810: Data race in crossbeam-deque - CVE-2021-38493: Memory safety bugs fixed in Thunderbird 78.14 and Thunderbird 91.1 - CVE-2021-38496: Use-after-free in MessageTask - CVE-2021-38497: Validation message could have been overlaid on another origin - CVE-2021-38498: Use-after-free of nsLanguageAtomService object - CVE-2021-38500: Memory safety bugs fixed in Thunderbird 91.2 - CVE-2021-38501: Memory safety bugs fixed in Thunderbird 91.2 - CVE-2021-38502: Downgrade attack on SMTP STARTTLS connections - Update to version 91.1.0 MFSA 2021-41 (bsc#1190269) - CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer - CVE-2021-38495: Memory safety bugs fixed in Thunderbird 91.1 - Update to version 91.0.1 MFSA 2021-37 (bsc#1189547) - CVE-2021-29991: Header Splitting possible with HTTP/3 Responses This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1182863 SUSE bug 1189547 SUSE bug 1190244 SUSE bug 1190269 SUSE bug 1191332 SUSE bug 1192250 SUSE bug 1193485 CVE-2021-29981 CVE-2021-29982 CVE-2021-29987 CVE-2021-29991 CVE-2021-32810 CVE-2021-38492 CVE-2021-38493 CVE-2021-38495 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510 CVE-2021-40529 CVE-2021-43528 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 c-toxcore was updated fo fix a securiy issue: - CVE-2021-44847: Fixed a buffer overflow in handle_request in DHT.c which could lead to remote DoS and potential code execution (boo#1193667) Moderate SUSE bug 1193667 CVE-2021-44847 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 getdata was updated to 0.11.0, fixing bugs and a security issue: - CVE-2021-20204: Fixed a use after free in _GD_Supports() in encoding.c (boo#1186251) for all relevant changes see: https://github.com/ketiltrout/getdata/releases/tag/v0.11.0 Moderate SUSE bug 1186251 CVE-2021-20204 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for privoxy fixes the following issues: privoxy was updated to 3.0.33 (boo#1193584): * CVE-2021-44543: Encode the template name to prevent XSS (cross-side scripting) when Privoxy is configured to servce the user-manual itself * CVE-2021-44540: Free memory of compiled pattern spec before bailing * CVE-2021-44541: Free header memory when failing to get the request destination. * CVE-2021-44542: Prevent memory leaks when handling errors * Disable fast-redirects for a number of domains * Update default block lists * Many bug fixes and minor enhancements Important SUSE bug 1193584 CVE-2021-44540 CVE-2021-44541 CVE-2021-44542 CVE-2021-44543 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for kernel-firmware fixes the following issues: - CVE-2019-15126: Updated Broadcom firmware to fix Kr00k bug (bsc#1167162). This update was imported from the SUSE:SLE-15-SP1:Update update project. Low SUSE bug 1167162 CVE-2019-15126 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for virtualbox fixes the following issues: Version update to 6.1.18 (released January 19 2021) This is a maintenance release. The following items were fixed and/or added: - Nested VM: Fixed hangs when executing SMP nested-guests under certain conditions on Intel hosts (bug #19315, #19561) - OCI integration: Cloud Instance parameters parsing is improved on import (bug #19156) - Network: UDP checksum offloading in e1000 no longer produces zero checksums (bug #19930) - Network: Fixed Host-Only Ethernet Adapter DHCP, guest os can not get IP on host resume (bug #19620) - NAT: Fixed mss parameter handing (bug #15256) - macOS host: Multiple optimizations for BigSur - Audio: Fixed issues with audio playback after host goes to sleep (bug #18594) - Documentation: Some content touch-up and table formatting fixes - Linux host and guest: Support kernel version 5.10 (bug #20055) - Solaris host: Fix regression breaking VGA text mode since version 6.1.0 - Guest Additions: Fixed a build failure affecting CentOS 8.2-2004 and later (bug #20091) - Guest Additions: Fixed a build failure affecting Linux kernels 3.2.0 through 3.2.50 (bug #20006) - Guest Additions: Fixed a VM segfault on copy with shared clipboard with X11 (bug #19226) - Shared Folder: Fixed error with remounting on Linux guests - Fixes CVE-2021-2074, boo#1181197 and CVE-2021-2129, boo#1181198. - Disable build of guest modules. These are included in recent kernels - Fix additional mouse control dialog issues. Important SUSE bug 1181197 SUSE bug 1181198 CVE-2021-2074 CVE-2021-2129 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1180684 SUSE bug 1180685 SUSE bug 1180687 SUSE bug 1181090 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: chromium was updated to 88.0.4324.96 boo#1181137 - CVE-2021-21117: Insufficient policy enforcement in Cryptohome - CVE-2021-21118: Insufficient data validation in V8 - CVE-2021-21119: Use after free in Media - CVE-2021-21120: Use after free in WebSQL - CVE-2021-21121: Use after free in Omnibox - CVE-2021-21122: Use after free in Blink - CVE-2021-21123: Insufficient data validation in File System API - CVE-2021-21124: Potential user after free in Speech Recognizer - CVE-2021-21125: Insufficient policy enforcement in File System API - CVE-2020-16044: Use after free in WebRTC - CVE-2021-21126: Insufficient policy enforcement in extensions - CVE-2021-21127: Insufficient policy enforcement in extensions - CVE-2021-21128: Heap buffer overflow in Blink - CVE-2021-21129: Insufficient policy enforcement in File System API - CVE-2021-21130: Insufficient policy enforcement in File System API - CVE-2021-21131: Insufficient policy enforcement in File System API - CVE-2021-21132: Inappropriate implementation in DevTools - CVE-2021-21133: Insufficient policy enforcement in Downloads - CVE-2021-21134: Incorrect security UI in Page Info - CVE-2021-21135: Inappropriate implementation in Performance API - CVE-2021-21136: Insufficient policy enforcement in WebView - CVE-2021-21137: Inappropriate implementation in DevTools - CVE-2021-21138: Use after free in DevTools - CVE-2021-21139: Inappropriate implementation in iframe sandbox - CVE-2021-21140: Uninitialized Use in USB - CVE-2021-21141: Insufficient policy enforcement in File System API Important SUSE bug 1181137 CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139 CVE-2021-21140 CVE-2021-21141 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.15 fixes the following issues: Go was updated to version 1.15.7 (bsc#1175132). Security issues fixed: - CVE-2021-3114: Fixed incorrect operations on the P-224 curve in crypto/elliptic (bsc#1181145). - CVE-2021-3115: Fixed a potential arbitrary code execution in the build process (bsc#1181146). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175132 SUSE bug 1181145 SUSE bug 1181146 CVE-2021-3114 CVE-2021-3115 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.14 fixes the following issues: Go was updated to version 1.14.14 (bsc#1164903). Security issues fixed: - CVE-2021-3114: Fixed incorrect operations on the P-224 curve in crypto/elliptic (bsc#1181145). - CVE-2021-3115: Fixed a potential arbitrary code execution in the build process (bsc#1181146). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1164903 SUSE bug 1181145 SUSE bug 1181146 CVE-2021-3114 CVE-2021-3115 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs8 fixes the following issue: - CVE-2020-8287: Fixed an HTTP request smuggling vulnerability (bsc#1180554). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1180554 CVE-2020-8287 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for segv_handler fixes the following issues: - Replace by empty package with README explaining the removal for security reasons (boo#1180665). Moderate SUSE bug 1180665 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to 78.7.0 ESR (MFSA 2021-05, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs * CVE-2020-15685: Fixed an IMAP Response Injection when using STARTTLS This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1181414 CVE-2020-15685 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for jackson-databind fixes the following issues: jackson-databind was updated to 2.10.5.1: * #2589: `DOMDeserializer`: setExpandEntityReferences(false) may not prevent external entity expansion in all cases (CVE-2020-25649, bsc#1177616) * #2787 (partial fix): NPE after add mixin for enum * #2679: 'ObjectMapper.readValue('123', Void.TYPE)' throws 'should never occur' This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1177616 SUSE bug 1180391 SUSE bug 1181118 CVE-2020-25649 CVE-2020-35728 CVE-2021-20190 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1181414 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for rubygem-nokogiri fixes the following issues: rubygem-nokogiri was updated to 1.8.5 (bsc#1156722). Security issues fixed: - CVE-2019-5477: Fixed a command injection vulnerability (bsc#1146578). - CVE-2020-26247: Fixed an XXE vulnerability in Nokogiri::XML::Schema (bsc#1180507). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1146578 SUSE bug 1156722 SUSE bug 1180507 CVE-2019-5477 CVE-2020-26247 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openvswitch fixes the following issues: - openvswitch was updated to 2.13.2 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1117483 SUSE bug 1181345 CVE-2020-27827 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-notebook fixes the following issue: - CVE-2020-26215: Fixed an open redirect vulnerability (boo#1180458). Moderate SUSE bug 1180458 CVE-2020-26215 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504). - CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765). - CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812) - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). The following non-security bugs were fixed: - ACPI/IORT: Do not blindly trust DMA masks from firmware (git-fixes). - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes). - ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes). - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes). - ACPI: sysfs: Prefer 'compatible' modalias (git-fixes). - ALSA: doc: Fix reference to mixart.rst (git-fixes). - ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes). - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes). - ALSA: hda: Add Cometlake-R PCI ID (git-fixes). - ALSA: hda/hdmi - enable runtime pm for CI AMD display audio (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256 (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T (git-fixes). - ALSA: hda/tegra: fix tegra-hda on tegra30 soc (git-fixes). - ALSA: hda/via: Add minimum mute flag (git-fixes). - ALSA: hda/via: Apply the workaround generically for Clevo machines (git-fixes). - ALSA: pcm: fix hw_rule deps kABI (bsc#1181014). - ALSA: pcm: One more dependency for hw constraints (bsc#1181014). - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes). - ALSA: usb-audio: Always apply the hw constraints for implicit fb sync (bsc#1181014). - ALSA: usb-audio: Annotate the endpoint index in audioformat (git-fixes). - ALSA: usb-audio: Avoid implicit feedback on Pioneer devices (bsc#1181014). - ALSA: usb-audio: Avoid unnecessary interface re-setup (git-fixes). - ALSA: usb-audio: Choose audioformat of a counter-part substream (git-fixes). - ALSA: usb-audio: Fix hw constraints dependencies (bsc#1181014). - ALSA: usb-audio: Fix implicit feedback sync setup for Pioneer devices (git-fixes). - ALSA: usb-audio: Fix the missing endpoints creations for quirks (git-fixes). - ALSA: usb-audio: Fix UAC1 rate setup for secondary endpoints (bsc#1181014). - ALSA: usb-audio: Set sample rate for all sharing EPs on UAC1 (bsc#1181014). - arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback (bsc#1152489). - arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130). - arm64: pgtable: Fix pte_accessible() (bsc#1180130). - ASoC: ak4458: correct reset polarity (git-fixes). - ASoC: dapm: remove widget from dirty list on free (git-fixes). - ASoC: Intel: fix error code cnl_set_dsp_D0() (git-fixes). - ASoC: meson: axg-tdm-interface: fix loopback (git-fixes). - Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close (git-fixes). - bnxt_en: Fix AER recovery (jsc#SLE-8371 bsc#1153274). - bpf: Do not leak memory in bpf getsockopt when optlen == 0 (bsc#1155518). - bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback (bsc#1155518). - btrfs: send: fix invalid clone operations when cloning from the same file and root (bsc#1181511). - btrfs: send: fix wrong file path when there is an inode with a pending rmdir (bsc#1181237). - cachefiles: Drop superfluous readpages aops NULL check (git-fixes). - can: dev: prevent potential information leak in can_fill_info() (git-fixes). - can: vxcan: vxcan_xmit: fix use after free bug (git-fixes). - CDC-NCM: remove 'connected' log message (git-fixes). - clk: tegra30: Add hda clock default rates to clock driver (git-fixes). - crypto: asym_tpm: correct zero out potential secrets (git-fixes). - drivers/base/memory.c: indicate all memory blocks as removable (bsc#1180264). - drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling (bsc#1180848). - drivers/perf: hisi: Permit modular builds of HiSilicon uncore drivers (bsc#1180848). - Update config files. - supported.conf: - drm: Added orientation quirk for ASUS tablet model T103HAF (git-fixes). - drm/amd/display: Add missing pflip irq for dcn2.0 (git-fixes). - drm/amd/display: Avoid MST manager resource leak (git-fixes). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: dchubbub p-state warning during surface planes switch (git-fixes). - drm/amd/display: Do not double-buffer DTO adjustments (git-fixes). - drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes). - drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init (git-fixes). - drm/amd/display: Free gamma after calculating legacy transfer function (git-fixes). - drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes). - drm/amd/display: Increase timeout for DP Disable (git-fixes). - drm/amd/display: Reject overlay plane configurations in multi-display scenarios (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/amd/display: Retry AUX write when fail occurs (git-fixes). - drm/amd/display: Stop if retimer is not available (git-fixes). - drm/amd/display: update nv1x stutter latencies (git-fixes). - drm/amdgpu: add DID for navi10 blockchain SKU (git-fixes). - drm/amdgpu: correct the gpu reset handling for job != NULL case (git-fixes). - drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is (git-fixes). - drm/amdgpu: do not map BO in reserved region (git-fixes). - drm/amdgpu: fix a GPU hang issue when remove device (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/amdgpu: fix calltrace during kmd unload(v3) (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu: increase the reserved VM size to 2MB (git-fixes). - drm/amdgpu: perform srbm soft reset always on SDMA resume (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu: prevent double kfree ttm->sg (git-fixes). - drm/amdgpu/psp: fix psp gfx ctrl cmds (git-fixes). - drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix leak in dmabuf import (git-fixes). - drm/amdkfd: fix restore worker race condition (git-fixes). - drm/amdkfd: Use same SQ prefetch setting as amdgpu (git-fixes). - drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp setting (git-fixes). - drm/aspeed: Fix Kconfig warning & subsequent build errors (bsc#1152472) - drm/aspeed: Fix Kconfig warning & subsequent build errors (git-fixes). - drm/atomic: put state on error path (git-fixes). - drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1152472) - drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes). - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes). - drm/dp_aux_dev: check aux_dev before use in (bsc#1152472) - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/etnaviv: always start/stop scheduler in timeout processing (git-fixes). - drm/exynos: dsi: Remove bridge node reference in error handling path in probe function (git-fixes). - drm/gma500: fix double free of gma_connector (bsc#1152472) Backporting notes: * context changes - drm/gma500: fix double free of gma_connector (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (git-fixes). - drm/i915: Avoid memory leak with more than 16 workarounds on a list (git-fixes). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/i915: Check for all subplatform bits (git-fixes). - drm/i915: clear the gpu reloc batch (git-fixes). - drm/i915: Correctly set SFC capability for video engines (bsc#1152489) Backporting notes: * context changes - drm/i915/display/dp: Compute the correct slice count for VDSC on DP (git-fixes). - drm/i915: Drop runtime-pm assert from vgpu io accessors (git-fixes). - drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence (git-fixes). - drm/i915: Filter wake_flags passed to default_wake_function (git-fixes). - drm/i915: Fix mismatch between misplaced vma check and vma insert (git-fixes). - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes). - drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes). - drm/i915/gt: Delay execlist processing for tgl (git-fixes). - drm/i915/gt: Free stale request on destroying the virtual engine (git-fixes). - drm/i915/gt: Prevent use of engine->wa_ctx after error (git-fixes). - drm/i915/gt: Program mocs:63 for cache eviction on gen9 (git-fixes). - drm/i915/gvt: return error when failing to take the module reference (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/i915: Handle max_bpc==16 (git-fixes). - drm/i915/selftests: Avoid passing a random 0 into ilog2 (git-fixes). - drm/mcde: Fix handling of platform_get_irq() error (bsc#1152472) - drm/mcde: Fix handling of platform_get_irq() error (git-fixes). - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm/a6xx: fix a potential overflow issue (git-fixes). - drm/msm/a6xx: fix gmu start on newer firmware (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/msm/dpu: Fix scale params in plane validation (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/msm/dsi_pll_10nm: restore VCO rate during restore_state (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes). - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes). - drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 (git-fixes). - drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes). - drm/nouveau/mmu: fix vram heap sizing (git-fixes). - drm/nouveau/nouveau: fix the start/end range for migration (git-fixes). - drm/nouveau/privring: ack interrupts the same way as RM (git-fixes). - drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/omap: dss: Cleanup DSS ports on initialisation failure (git-fixes). - drm/omap: fix incorrect lock state (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/panfrost: add amlogic reset quirk callback (git-fixes). - drm: rcar-du: Set primary plane zpos immutably at initializing (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (bsc#1152472) - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - drm/scheduler: Avoid accessing freed bad job (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1152472) - drm/sun4i: frontend: Fix the scaler phase on A33 (git-fixes). - drm/sun4i: frontend: Reuse the ch0 phase for RGB formats (git-fixes). - drm/sun4i: frontend: Rework a bit the phase data (git-fixes). - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - drm/syncobj: Fix use-after-free (git-fixes). - drm/tegra: replace idr_init() by idr_init_base() (git-fixes). - drm/tegra: sor: Disable clocks on error in tegra_sor_init() (git-fixes). - drm/ttm: fix eviction valuable range check (git-fixes). - drm/tve200: Fix handling of platform_get_irq() error (bsc#1152472) - drm/tve200: Fix handling of platform_get_irq() error (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - e1000e: bump up timeout to wait when ME un-configures ULP mode (jsc#SLE-8100). - ehci: fix EHCI host controller initialization sequence (git-fixes). - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes). - Exclude Symbols.list again. Removing the exclude builds vanilla/linux-next builds. Fixes: 55877625c800 ('kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.') - firmware: imx: select SOC_BUS to fix firmware build (git-fixes). - floppy: reintroduce O_NDELAY fix (boo#1181018). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Remove needless goto's (bsc#1149032). - futex: Remove unused empty compat_exit_robust_list() (bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - HID: Ignore battery for Elan touchscreen on ASUS UX550 (git-fixes). - HID: logitech-dj: add the G602 receiver (git-fixes). - HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input devices (git-fixes). - HID: multitouch: do not filter mice nodes (git-fixes). - HID: multitouch: Enable multi-input for Synaptics pointstick/touchpad device (git-fixes). - HID: multitouch: Remove MT_CLS_WIN_8_DUAL (git-fixes). - HID: wacom: Constify attribute_groups (git-fixes). - HID: wacom: Correct NULL dereference on AES pen proximity (git-fixes). - HID: wacom: do not call hid_set_drvdata(hdev, NULL) (git-fixes). - HID: wacom: Fix memory leakage caused by kfifo_alloc (git-fixes). - hwmon: (pwm-fan) Ensure that calculation does not discard big period values (git-fixes). - i2c: bpmp-tegra: Ignore unknown I2C_M flags (git-fixes). - i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes). - ice: avoid premature Rx buffer reuse (jsc#SLE-7926). - ice, xsk: clear the status bits for the next_to_use descriptor (jsc#SLE-7926). - iio: ad5504: Fix setting power-down state (git-fixes). - iomap: fix WARN_ON_ONCE() from unprivileged users (bsc#1181494). - iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1181217). - ionic: account for vlan tag len in rx buffer len (bsc#1167773). - kABI fixup for dwc3 introduction of DWC_usb32 (git-fixes). - kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot (git fixes (kernel/kprobe)). - KVM: nVMX: Reload vmcs01 if getting vmcs12's pages fails (bsc#1181218). - KVM: s390: pv: Mark mm as protected after the set secure parameters and improve cleanup (jsc#SLE-7512 bsc#1165545). - KVM: SVM: Initialize prev_ga_tag before use (bsc#1180809). - leds: trigger: fix potential deadlock with libata (git-fixes). - lib/genalloc: fix the overflow when size is too big (git-fixes). - lockd: do not use interval-based rebinding over TCP (for-next). - mac80211: check if atf has been disabled in __ieee80211_schedule_txq (git-fixes). - mac80211: do not drop tx nulldata packets on encrypted links (git-fixes). - md: fix a warning caused by a race between concurrent md_ioctl()s (for-next). - media: dvb-usb: Fix memory leak at error in dvb_usb_device_init() (bsc#1181104). - media: dvb-usb: Fix use-after-free access (bsc#1181104). - media: rc: ensure that uevent can be read directly after rc device register (git-fixes). - misdn: dsp: select CONFIG_BITREVERSE (git-fixes). - mmc: core: do not initialize block size from ext_csd if not present (git-fixes). - mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes). - mm: memcontrol: fix missing wakeup polling thread (bsc#1181584). - mm/vmalloc: Fix unlock order in s_stop() (git fixes (mm/vmalloc)). - module: delay kobject uevent until after module init call (bsc#1178631). - mt7601u: fix kernel crash unplugging the device (git-fixes). - mt7601u: fix rx buffer refcounting (git-fixes). - net/af_iucv: fix null pointer dereference on shutdown (bsc#1179567 LTC#190111). - net/af_iucv: set correct sk_protocol for child sockets (git-fixes). - net: fix proc_fs init handling in af_packet and tls (bsc#1154353). - net: hns3: fix a phy loopback fail issue (bsc#1154353). - net: hns3: remove a misused pragma packed (bsc#1154353). - net/mlx5e: ethtool, Fix restriction of autoneg with 56G (jsc#SLE-8464). - net: mscc: ocelot: allow offloading of bridge on top of LAG (git-fixes). - net/smc: cancel event worker during device removal (git-fixes). - net/smc: check for valid ib_client_data (git-fixes). - net/smc: fix cleanup for linkgroup setup failures (git-fixes). - net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() (git-fixes). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: fix valid DMBE buffer sizes (git-fixes). - net/smc: no peer ID in CLC decline for SMCD (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: transfer fasync_list in case of fallback (git-fixes). - net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs' (for-next). - net: sunrpc: interpret the return value of kstrtou32 correctly (for-next). - net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes). - net: vlan: avoid leaks on register_vlan_dev() failures (bsc#1154353). - NFC: fix possible resource leak (git-fixes). - NFC: fix resource leak when target index is invalid (git-fixes). - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (for-next). - nfs_common: need lock during iterate through the list (for-next). - nfsd4: readdirplus shouldn't return parent of export (git-fixes). - nfsd: Fix message level for normal termination (for-next). - NFS: nfs_delegation_find_inode_server must first reference the superblock (for-next). - NFS: nfs_igrab_and_active must first reference the superblock (for-next). - NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter (for-next). - NFS/pNFS: Fix a typo in ff_layout_resend_pnfs_read() (for-next). - NFS: switch nfsiod to be an UNBOUND workqueue (for-next). - NFSv4.2: condition READDIR's mask for security label based on LSM state (for-next). - NFSv4: Fix the alignment of page data in the getdeviceinfo reply (for-next). - nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1181161). - nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1181161). - platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634 (git-fixes). - platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list (git-fixes). - platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on some HP x360 models (git-fixes). - PM: hibernate: flush swap writer after marking (git-fixes). - pNFS: Mark layout for return if return-on-close was not sent (git-fixes). - powerpc: Fix build error in paravirt.h (bsc#1181148 ltc#190702). - powerpc/paravirt: Use is_kvm_guest() in vcpu_is_preempted() (bsc#1181148 ltc#190702). - powerpc: Refactor is_kvm_guest() declaration to new header (bsc#1181148 ltc#190702). - powerpc: Reintroduce is_kvm_guest() as a fast-path check (bsc#1181148 ltc#190702). - powerpc: Rename is_kvm_guest() to check_kvm_guest() (bsc#1181148 ltc#190702). - power: vexpress: add suppress_bind_attrs to true (git-fixes). - prom_init: enable verbose prints (bsc#1178142 bsc#1180759). - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() (bsc#1163930). - ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930). - r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes). - Revert 'nfsd4: support change_attr_type attribute' (for-next). - Revive usb-audio Keep Interface mixer (bsc#1181014). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes). - s390/dasd: fix hanging device offline processing (bsc#1181169 LTC#190914). - s390/dasd: fix list corruption of lcu list (git-fixes). - s390/dasd: fix list corruption of pavgroup group list (git-fixes). - s390/dasd: prevent inconsistent LCU device data (git-fixes). - s390/kexec_file: fix diag308 subcode when loading crash kernel (git-fixes). - s390/qeth: consolidate online/offline code (git-fixes). - s390/qeth: do not raise NETDEV_REBOOT event from L3 offline path (git-fixes). - s390/qeth: fix deadlock during recovery (git-fixes). - s390/qeth: fix L2 header access in qeth_l3_osa_features_check() (git-fixes). - s390/qeth: fix locking for discipline setup / removal (git-fixes). - s390/smp: perform initial CPU reset also for SMT siblings (git-fixes). - scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1181425 ltc#188252). - scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#1180891). - scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#1180891). - scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#1180891). - scsi: lpfc: Fix crash when nvmet transport calls host_release (bsc#1180891). - scsi: lpfc: Fix error log messages being logged following SCSI task mgnt (bsc#1180891). - scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891). - scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891). - scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891). - scsi: lpfc: Fix target reset failing (bsc#1180891). - scsi: lpfc: Fix vport create logging (bsc#1180891). - scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891). - scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework (bsc#1180891). - scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue state (bsc#1180891). - scsi: lpfc: Simplify bool comparison (bsc#1180891). - scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891). - scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc#1180891). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142). - scsi: scsi_transport_srp: Do not block target in failfast state (bsc#1172355). - selftests/ftrace: Select an existing function in kprobe_eventname test (bsc#1179396 ltc#185738). - selftests: net: fib_tests: remove duplicate log test (git-fixes). - selftests/powerpc: Add a test of bad (out-of-range) accesses (bsc#1181158 ltc#190851). - selftests/powerpc: Add a test of spectre_v2 mitigations (bsc#1181158 ltc#190851). - selftests/powerpc: Ignore generated files (bsc#1181158 ltc#190851). - selftests/powerpc: Move Hash MMU check to utilities (bsc#1181158 ltc#190851). - selftests/powerpc: Move set_dscr() into rfi_flush.c (bsc#1181158 ltc#190851). - selftests/powerpc: Only test lwm/stmw on big endian (bsc#1180412 ltc#190579). - selftests/powerpc: spectre_v2 test must be built 64-bit (bsc#1181158 ltc#190851). - serial: mvebu-uart: fix tx lost characters at power off (git-fixes). - spi: cadence: cache reference clock rate during probe (git-fixes). - SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() (for-next). - sunrpc: fix xs_read_xdr_buf for partial pages receive (for-next). - SUNRPC: rpc_wake_up() should wake up tasks in the correct order (for-next). - timers: Preserve higher bits of expiration on index calculation (bsc#1181318). - timers: Use only bucket expiry for base->next_expiry value (bsc#1181318). - udp: Prevent reuseport_select_sock from reading uninitialized socks (git-fixes). - USB: cdc-acm: blacklist another IR Droid device (git-fixes). - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt() (git-fixes). - usb: dwc3: Add support for DWC_usb32 IP (git-fixes). - usb: dwc3: core: Properly default unspecified speed (git-fixes). - usb: dwc3: Update soft-reset wait polling rate (git-fixes). - USB: ehci: fix an interrupt calltrace error (git-fixes). - usb: gadget: aspeed: fix stop dma register setting (git-fixes). - usb: gadget: configfs: Fix use-after-free issue with udc_name (git-fixes). - usb: gadget: enable super speed plus (git-fixes). - usb: gadget: Fix spinlock lockup on usb_function_deactivate (git-fixes). - usb: gadget: function: printer: Fix a memory leak for interface descriptor (git-fixes). - USB: serial: option: add LongSung M5710 module support (git-fixes). - USB: serial: option: add Quectel EM160R-GL (git-fixes). - usb: typec: Fix copy paste error for NVIDIA alt-mode description (git-fixes). - usb: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes). - usb: udc: core: Use lock when write to soft_connect (git-fixes). - USB: usblp: fix DMA to stack (git-fixes). - vfio iommu: Add dma available capability (bsc#1179572 LTC#190110). - vfio/pci: Implement ioeventfd thread handler for contended memory lock (bsc#1181219). - vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181220). - video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() (git-fixes). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - video: fbdev: pvr2fb: initialize variables (git-fixes). - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1152489). - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (bsc#1181077). - x86/cpu/amd: Set __max_die_per_package on AMD (bsc#1152489). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - x86/kprobes: Restore BTF if the single-stepping is cancelled (bsc#1152489). - x86/topology: Make __max_die_per_package available unconditionally (bsc#1152489). - x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled (bsc#1181335). - xen-blkfront: allow discard-* nodes to be optional (bsc#1181346). - xen/privcmd: allow fetching resource sizes (bsc#1065600). - xfs: show the proper user quota options (bsc#1181538). - xhci: make sure TRB is fully written before giving it to the controller (git-fixes). - xhci: tegra: Delay for disabling LFPS detector (git-fixes). Important SUSE bug 1065600 SUSE bug 1149032 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1163930 SUSE bug 1165545 SUSE bug 1167773 SUSE bug 1172355 SUSE bug 1176395 SUSE bug 1176831 SUSE bug 1178142 SUSE bug 1178631 SUSE bug 1179142 SUSE bug 1179396 SUSE bug 1179508 SUSE bug 1179509 SUSE bug 1179567 SUSE bug 1179572 SUSE bug 1180130 SUSE bug 1180264 SUSE bug 1180412 SUSE bug 1180759 SUSE bug 1180765 SUSE bug 1180809 SUSE bug 1180812 SUSE bug 1180848 SUSE bug 1180889 SUSE bug 1180891 SUSE bug 1180971 SUSE bug 1181014 SUSE bug 1181018 SUSE bug 1181077 SUSE bug 1181104 SUSE bug 1181148 SUSE bug 1181158 SUSE bug 1181161 SUSE bug 1181169 SUSE bug 1181203 SUSE bug 1181217 SUSE bug 1181218 SUSE bug 1181219 SUSE bug 1181220 SUSE bug 1181237 SUSE bug 1181318 SUSE bug 1181335 SUSE bug 1181346 SUSE bug 1181349 SUSE bug 1181425 SUSE bug 1181494 SUSE bug 1181504 SUSE bug 1181511 SUSE bug 1181538 SUSE bug 1181584 CVE-2020-25211 CVE-2020-29568 CVE-2020-29569 CVE-2021-0342 CVE-2021-20177 CVE-2021-3347 CVE-2021-3348 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update syncs the RT kernel from the SUSE Linux Enterprise 15-SP2 codestream. This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1034995 SUSE bug 1040855 SUSE bug 1043347 SUSE bug 1044120 SUSE bug 1044767 SUSE bug 1055014 SUSE bug 1055117 SUSE bug 1055186 SUSE bug 1058115 SUSE bug 1061843 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066382 SUSE bug 1071995 SUSE bug 1077428 SUSE bug 1085030 SUSE bug 1094244 SUSE bug 1094840 SUSE bug 1109695 SUSE bug 1115431 SUSE bug 1120163 SUSE bug 1129923 SUSE bug 1133021 SUSE bug 1134760 SUSE bug 1136666 SUSE bug 1138374 SUSE bug 1139944 SUSE bug 1148868 SUSE bug 1149032 SUSE bug 1152148 SUSE bug 1152457 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1154488 SUSE bug 1154492 SUSE bug 1154824 SUSE bug 1155518 SUSE bug 1155798 SUSE bug 1156315 SUSE bug 1156395 SUSE bug 1157169 SUSE bug 1158050 SUSE bug 1158242 SUSE bug 1158265 SUSE bug 1158748 SUSE bug 1158765 SUSE bug 1158775 SUSE bug 1158983 SUSE bug 1159058 SUSE bug 1159781 SUSE bug 1159867 SUSE bug 1159886 SUSE bug 1160388 SUSE bug 1160634 SUSE bug 1160947 SUSE bug 1161099 SUSE bug 1161495 SUSE bug 1162002 SUSE bug 1162063 SUSE bug 1162209 SUSE bug 1162400 SUSE bug 1162702 SUSE bug 1163592 SUSE bug 1163727 SUSE bug 1164648 SUSE bug 1164777 SUSE bug 1164780 SUSE bug 1165211 SUSE bug 1165455 SUSE bug 1165629 SUSE bug 1165692 SUSE bug 1165933 SUSE bug 1165975 SUSE bug 1166146 SUSE bug 1166166 SUSE bug 1166340 SUSE bug 1166965 SUSE bug 1166985 SUSE bug 1167030 SUSE bug 1167104 SUSE bug 1167527 SUSE bug 1167651 SUSE bug 1167657 SUSE bug 1167773 SUSE bug 1167851 SUSE bug 1168230 SUSE bug 1168461 SUSE bug 1168468 SUSE bug 1168779 SUSE bug 1168838 SUSE bug 1168952 SUSE bug 1168959 SUSE bug 1169021 SUSE bug 1169094 SUSE bug 1169194 SUSE bug 1169263 SUSE bug 1169514 SUSE bug 1169681 SUSE bug 1169763 SUSE bug 1169771 SUSE bug 1169790 SUSE bug 1169795 SUSE bug 1170011 SUSE bug 1170139 SUSE bug 1170232 SUSE bug 1170284 SUSE bug 1170415 SUSE bug 1170442 SUSE bug 1170617 SUSE bug 1170621 SUSE bug 1170774 SUSE bug 1170879 SUSE bug 1170891 SUSE bug 1170895 SUSE bug 1171000 SUSE bug 1171068 SUSE bug 1171073 SUSE bug 1171078 SUSE bug 1171117 SUSE bug 1171150 SUSE bug 1171156 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171220 SUSE bug 1171236 SUSE bug 1171242 SUSE bug 1171246 SUSE bug 1171285 SUSE bug 1171293 SUSE bug 1171374 SUSE bug 1171390 SUSE bug 1171391 SUSE bug 1171392 SUSE bug 1171417 SUSE bug 1171426 SUSE bug 1171507 SUSE bug 1171513 SUSE bug 1171514 SUSE bug 1171529 SUSE bug 1171530 SUSE bug 1171558 SUSE bug 1171634 SUSE bug 1171644 SUSE bug 1171662 SUSE bug 1171675 SUSE bug 1171688 SUSE bug 1171699 SUSE bug 1171709 SUSE bug 1171730 SUSE bug 1171732 SUSE bug 1171736 SUSE bug 1171739 SUSE bug 1171742 SUSE bug 1171743 SUSE bug 1171759 SUSE bug 1171773 SUSE bug 1171774 SUSE bug 1171775 SUSE bug 1171776 SUSE bug 1171777 SUSE bug 1171778 SUSE bug 1171779 SUSE bug 1171780 SUSE bug 1171781 SUSE bug 1171782 SUSE bug 1171783 SUSE bug 1171784 SUSE bug 1171785 SUSE bug 1171786 SUSE bug 1171787 SUSE bug 1171788 SUSE bug 1171789 SUSE bug 1171790 SUSE bug 1171791 SUSE bug 1171792 SUSE bug 1171793 SUSE bug 1171794 SUSE bug 1171795 SUSE bug 1171796 SUSE bug 1171797 SUSE bug 1171798 SUSE bug 1171799 SUSE bug 1171810 SUSE bug 1171827 SUSE bug 1171828 SUSE bug 1171832 SUSE bug 1171833 SUSE bug 1171834 SUSE bug 1171835 SUSE bug 1171839 SUSE bug 1171840 SUSE bug 1171841 SUSE bug 1171842 SUSE bug 1171843 SUSE bug 1171844 SUSE bug 1171849 SUSE bug 1171857 SUSE bug 1171868 SUSE bug 1171904 SUSE bug 1171915 SUSE bug 1171982 SUSE bug 1171983 SUSE bug 1171988 SUSE bug 1172017 SUSE bug 1172046 SUSE bug 1172061 SUSE bug 1172062 SUSE bug 1172063 SUSE bug 1172064 SUSE bug 1172065 SUSE bug 1172066 SUSE bug 1172067 SUSE bug 1172068 SUSE bug 1172069 SUSE bug 1172073 SUSE bug 1172086 SUSE bug 1172095 SUSE bug 1172108 SUSE bug 1172145 SUSE bug 1172169 SUSE bug 1172170 SUSE bug 1172197 SUSE bug 1172201 SUSE bug 1172208 SUSE bug 1172223 SUSE bug 1172247 SUSE bug 1172317 SUSE bug 1172342 SUSE bug 1172343 SUSE bug 1172344 SUSE bug 1172365 SUSE bug 1172366 SUSE bug 1172374 SUSE bug 1172391 SUSE bug 1172393 SUSE bug 1172394 SUSE bug 1172418 SUSE bug 1172419 SUSE bug 1172453 SUSE bug 1172458 SUSE bug 1172467 SUSE bug 1172484 SUSE bug 1172537 SUSE bug 1172543 SUSE bug 1172687 SUSE bug 1172719 SUSE bug 1172733 SUSE bug 1172739 SUSE bug 1172751 SUSE bug 1172757 SUSE bug 1172759 SUSE bug 1172775 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1172814 SUSE bug 1172823 SUSE bug 1172841 SUSE bug 1172871 SUSE bug 1172873 SUSE bug 1172938 SUSE bug 1172939 SUSE bug 1172940 SUSE bug 1172956 SUSE bug 1172963 SUSE bug 1172983 SUSE bug 1172984 SUSE bug 1172985 SUSE bug 1172986 SUSE bug 1172987 SUSE bug 1172988 SUSE bug 1172989 SUSE bug 1172990 SUSE bug 1172999 SUSE bug 1173017 SUSE bug 1173068 SUSE bug 1173074 SUSE bug 1173085 SUSE bug 1173115 SUSE bug 1173139 SUSE bug 1173206 SUSE bug 1173267 SUSE bug 1173271 SUSE bug 1173280 SUSE bug 1173284 SUSE bug 1173428 SUSE bug 1173438 SUSE bug 1173461 SUSE bug 1173468 SUSE bug 1173485 SUSE bug 1173514 SUSE bug 1173552 SUSE bug 1173573 SUSE bug 1173625 SUSE bug 1173746 SUSE bug 1173776 SUSE bug 1173798 SUSE bug 1173813 SUSE bug 1173817 SUSE bug 1173818 SUSE bug 1173820 SUSE bug 1173822 SUSE bug 1173823 SUSE bug 1173824 SUSE bug 1173825 SUSE bug 1173826 SUSE bug 1173827 SUSE bug 1173828 SUSE bug 1173830 SUSE bug 1173831 SUSE bug 1173832 SUSE bug 1173833 SUSE bug 1173834 SUSE bug 1173836 SUSE bug 1173837 SUSE bug 1173838 SUSE bug 1173839 SUSE bug 1173841 SUSE bug 1173843 SUSE bug 1173844 SUSE bug 1173845 SUSE bug 1173847 SUSE bug 1173849 SUSE bug 1173860 SUSE bug 1173894 SUSE bug 1173941 SUSE bug 1173954 SUSE bug 1174002 SUSE bug 1174003 SUSE bug 1174018 SUSE bug 1174026 SUSE bug 1174029 SUSE bug 1174072 SUSE bug 1174098 SUSE bug 1174110 SUSE bug 1174111 SUSE bug 1174116 SUSE bug 1174126 SUSE bug 1174127 SUSE bug 1174128 SUSE bug 1174129 SUSE bug 1174146 SUSE bug 1174185 SUSE bug 1174205 SUSE bug 1174244 SUSE bug 1174263 SUSE bug 1174264 SUSE bug 1174331 SUSE bug 1174332 SUSE bug 1174333 SUSE bug 1174345 SUSE bug 1174356 SUSE bug 1174358 SUSE bug 1174362 SUSE bug 1174387 SUSE bug 1174396 SUSE bug 1174398 SUSE bug 1174407 SUSE bug 1174409 SUSE bug 1174411 SUSE bug 1174438 SUSE bug 1174462 SUSE bug 1174484 SUSE bug 1174486 SUSE bug 1174513 SUSE bug 1174527 SUSE bug 1174625 SUSE bug 1174627 SUSE bug 1174645 SUSE bug 1174689 SUSE bug 1174699 SUSE bug 1174737 SUSE bug 1174748 SUSE bug 1174757 SUSE bug 1174762 SUSE bug 1174770 SUSE bug 1174771 SUSE bug 1174777 SUSE bug 1174805 SUSE bug 1174824 SUSE bug 1174825 SUSE bug 1174852 SUSE bug 1174865 SUSE bug 1174880 SUSE bug 1174897 SUSE bug 1174899 SUSE bug 1174906 SUSE bug 1174969 SUSE bug 1175009 SUSE bug 1175010 SUSE bug 1175011 SUSE bug 1175012 SUSE bug 1175013 SUSE bug 1175014 SUSE bug 1175015 SUSE bug 1175016 SUSE bug 1175017 SUSE bug 1175018 SUSE bug 1175019 SUSE bug 1175020 SUSE bug 1175021 SUSE bug 1175052 SUSE bug 1175079 SUSE bug 1175112 SUSE bug 1175116 SUSE bug 1175128 SUSE bug 1175149 SUSE bug 1175175 SUSE bug 1175176 SUSE bug 1175180 SUSE bug 1175181 SUSE bug 1175182 SUSE bug 1175183 SUSE bug 1175184 SUSE bug 1175185 SUSE bug 1175186 SUSE bug 1175187 SUSE bug 1175188 SUSE bug 1175189 SUSE bug 1175190 SUSE bug 1175191 SUSE bug 1175192 SUSE bug 1175195 SUSE bug 1175199 SUSE bug 1175213 SUSE bug 1175232 SUSE bug 1175263 SUSE bug 1175284 SUSE bug 1175296 SUSE bug 1175306 SUSE bug 1175344 SUSE bug 1175345 SUSE bug 1175346 SUSE bug 1175347 SUSE bug 1175367 SUSE bug 1175377 SUSE bug 1175440 SUSE bug 1175480 SUSE bug 1175493 SUSE bug 1175546 SUSE bug 1175550 SUSE bug 1175599 SUSE bug 1175621 SUSE bug 1175654 SUSE bug 1175667 SUSE bug 1175691 SUSE bug 1175718 SUSE bug 1175721 SUSE bug 1175749 SUSE bug 1175768 SUSE bug 1175769 SUSE bug 1175770 SUSE bug 1175771 SUSE bug 1175772 SUSE bug 1175774 SUSE bug 1175775 SUSE bug 1175787 SUSE bug 1175807 SUSE bug 1175834 SUSE bug 1175873 SUSE bug 1175882 SUSE bug 1175898 SUSE bug 1175918 SUSE bug 1175952 SUSE bug 1175995 SUSE bug 1175996 SUSE bug 1175997 SUSE bug 1175998 SUSE bug 1175999 SUSE bug 1176000 SUSE bug 1176001 SUSE bug 1176019 SUSE bug 1176022 SUSE bug 1176038 SUSE bug 1176063 SUSE bug 1176069 SUSE bug 1176109 SUSE bug 1176137 SUSE bug 1176180 SUSE bug 1176200 SUSE bug 1176235 SUSE bug 1176236 SUSE bug 1176237 SUSE bug 1176242 SUSE bug 1176354 SUSE bug 1176357 SUSE bug 1176358 SUSE bug 1176359 SUSE bug 1176360 SUSE bug 1176361 SUSE bug 1176362 SUSE bug 1176363 SUSE bug 1176364 SUSE bug 1176365 SUSE bug 1176366 SUSE bug 1176367 SUSE bug 1176381 SUSE bug 1176396 SUSE bug 1176400 SUSE bug 1176423 SUSE bug 1176449 SUSE bug 1176481 SUSE bug 1176485 SUSE bug 1176486 SUSE bug 1176507 SUSE bug 1176536 SUSE bug 1176537 SUSE bug 1176538 SUSE bug 1176539 SUSE bug 1176540 SUSE bug 1176541 SUSE bug 1176542 SUSE bug 1176543 SUSE bug 1176544 SUSE bug 1176545 SUSE bug 1176546 SUSE bug 1176548 SUSE bug 1176558 SUSE bug 1176559 SUSE bug 1176564 SUSE bug 1176586 SUSE bug 1176587 SUSE bug 1176588 SUSE bug 1176659 SUSE bug 1176698 SUSE bug 1176699 SUSE bug 1176700 SUSE bug 1176713 SUSE bug 1176721 SUSE bug 1176722 SUSE bug 1176725 SUSE bug 1176732 SUSE bug 1176763 SUSE bug 1176775 SUSE bug 1176788 SUSE bug 1176789 SUSE bug 1176833 SUSE bug 1176855 SUSE bug 1176869 SUSE bug 1176877 SUSE bug 1176907 SUSE bug 1176925 SUSE bug 1176942 SUSE bug 1176956 SUSE bug 1176962 SUSE bug 1176979 SUSE bug 1176980 SUSE bug 1176983 SUSE bug 1176990 SUSE bug 1177021 SUSE bug 1177030 SUSE bug 1177066 SUSE bug 1177070 SUSE bug 1177086 SUSE bug 1177090 SUSE bug 1177109 SUSE bug 1177121 SUSE bug 1177193 SUSE bug 1177194 SUSE bug 1177206 SUSE bug 1177258 SUSE bug 1177271 SUSE bug 1177281 SUSE bug 1177283 SUSE bug 1177284 SUSE bug 1177285 SUSE bug 1177286 SUSE bug 1177297 SUSE bug 1177326 SUSE bug 1177353 SUSE bug 1177384 SUSE bug 1177397 SUSE bug 1177410 SUSE bug 1177411 SUSE bug 1177470 SUSE bug 1177500 SUSE bug 1177511 SUSE bug 1177617 SUSE bug 1177666 SUSE bug 1177679 SUSE bug 1177681 SUSE bug 1177683 SUSE bug 1177687 SUSE bug 1177694 SUSE bug 1177697 SUSE bug 1177698 SUSE bug 1177703 SUSE bug 1177719 SUSE bug 1177724 SUSE bug 1177725 SUSE bug 1177726 SUSE bug 1177733 SUSE bug 1177739 SUSE bug 1177749 SUSE bug 1177750 SUSE bug 1177754 SUSE bug 1177755 SUSE bug 1177765 SUSE bug 1177766 SUSE bug 1177799 SUSE bug 1177801 SUSE bug 1177814 SUSE bug 1177817 SUSE bug 1177820 SUSE bug 1177854 SUSE bug 1177855 SUSE bug 1177856 SUSE bug 1177861 SUSE bug 1178002 SUSE bug 1178049 SUSE bug 1178079 SUSE bug 1178123 SUSE bug 1178166 SUSE bug 1178173 SUSE bug 1178175 SUSE bug 1178176 SUSE bug 1178177 SUSE bug 1178182 SUSE bug 1178183 SUSE bug 1178184 SUSE bug 1178185 SUSE bug 1178186 SUSE bug 1178190 SUSE bug 1178191 SUSE bug 1178203 SUSE bug 1178227 SUSE bug 1178246 SUSE bug 1178255 SUSE bug 1178270 SUSE bug 1178286 SUSE bug 1178307 SUSE bug 1178330 SUSE bug 1178393 SUSE bug 1178395 SUSE bug 1178401 SUSE bug 1178426 SUSE bug 1178461 SUSE bug 1178579 SUSE bug 1178581 SUSE bug 1178584 SUSE bug 1178585 SUSE bug 1178589 SUSE bug 1178590 SUSE bug 1178612 SUSE bug 1178634 SUSE bug 1178635 SUSE bug 1178653 SUSE bug 1178659 SUSE bug 1178660 SUSE bug 1178661 SUSE bug 1178669 SUSE bug 1178686 SUSE bug 1178740 SUSE bug 1178755 SUSE bug 1178756 SUSE bug 1178762 SUSE bug 1178780 SUSE bug 1178838 SUSE bug 1178853 SUSE bug 1178886 SUSE bug 1179001 SUSE bug 1179012 SUSE bug 1179014 SUSE bug 1179015 SUSE bug 1179045 SUSE bug 1179076 SUSE bug 1179082 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179160 SUSE bug 1179201 SUSE bug 1179204 SUSE bug 1179211 SUSE bug 1179217 SUSE bug 1179419 SUSE bug 1179424 SUSE bug 1179425 SUSE bug 1179426 SUSE bug 1179427 SUSE bug 1179429 SUSE bug 1179432 SUSE bug 1179434 SUSE bug 1179435 SUSE bug 1179442 SUSE bug 1179519 SUSE bug 1179550 SUSE bug 1179575 SUSE bug 1179578 SUSE bug 1179601 SUSE bug 1179604 SUSE bug 1179639 SUSE bug 1179652 SUSE bug 1179656 SUSE bug 1179670 SUSE bug 1179671 SUSE bug 1179672 SUSE bug 1179673 SUSE bug 1179675 SUSE bug 1179676 SUSE bug 1179677 SUSE bug 1179678 SUSE bug 1179679 SUSE bug 1179680 SUSE bug 1179681 SUSE bug 1179682 SUSE bug 1179683 SUSE bug 1179684 SUSE bug 1179685 SUSE bug 1179687 SUSE bug 1179688 SUSE bug 1179689 SUSE bug 1179690 SUSE bug 1179703 SUSE bug 1179704 SUSE bug 1179707 SUSE bug 1179709 SUSE bug 1179710 SUSE bug 1179711 SUSE bug 1179712 SUSE bug 1179713 SUSE bug 1179714 SUSE bug 1179715 SUSE bug 1179716 SUSE bug 1179745 SUSE bug 1179763 SUSE bug 1179887 SUSE bug 1179888 SUSE bug 1179892 SUSE bug 1179896 SUSE bug 1179960 SUSE bug 1179963 SUSE bug 1180027 SUSE bug 1180029 SUSE bug 1180031 SUSE bug 1180052 SUSE bug 1180056 SUSE bug 1180086 SUSE bug 1180117 SUSE bug 1180258 SUSE bug 1180261 SUSE bug 1180349 SUSE bug 1180506 SUSE bug 1180541 SUSE bug 1180559 SUSE bug 1180566 SUSE bug 173030 SUSE bug 744692 SUSE bug 789311 SUSE bug 954532 SUSE bug 995541 CVE-2019-19462 CVE-2019-20810 CVE-2019-20812 CVE-2020-0110 CVE-2020-0305 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-0543 CVE-2020-10135 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-10781 CVE-2020-11668 CVE-2020-12351 CVE-2020-12352 CVE-2020-12652 CVE-2020-12656 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14314 CVE-2020-14331 CVE-2020-14351 CVE-2020-14356 CVE-2020-14385 CVE-2020-14386 CVE-2020-14390 CVE-2020-14416 CVE-2020-15393 CVE-2020-15436 CVE-2020-15437 CVE-2020-15780 CVE-2020-16120 CVE-2020-16166 CVE-2020-1749 CVE-2020-24490 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705 CVE-2020-26088 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27830 CVE-2020-28915 CVE-2020-28941 CVE-2020-28974 CVE-2020-29369 CVE-2020-29370 CVE-2020-29371 CVE-2020-29373 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2020-8694 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for kitty fixes the following issue: - CVE-2020-35605: Fixed an RCE due to filenames containing special characters contained in error messages (boo#1180298). Important SUSE bug 1180298 CVE-2020-35605 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for cups fixes the following issues: - CVE-2020-10001: Fixed an out-of-bounds read in the ippReadIO function (bsc#1180520). - CVE-2019-8842: Fixed an out-of-bounds read in an extension field (bsc#1170671). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1170671 SUSE bug 1180520 CVE-2019-8842 CVE-2020-10001 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: - Update to 88.0.4324.146 boo#1181772 - CVE-2021-21142: Use after free in Payments - CVE-2021-21143: Heap buffer overflow in Extensions - CVE-2021-21144: Heap buffer overflow in Tab Groups. - CVE-2021-21145: Use after free in Fonts - CVE-2021-21146: Use after free in Navigation. - CVE-2021-21147: Inappropriate implementation in Skia Important SUSE bug 1181772 CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for dovecot23 fixes the following issues: Security issues fixed: - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts (bsc#1174920). - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). - CVE-2020-25275: Fixed a crash when the 10000th MIME part was message/rfc822 (bsc#1180406). Non-security issues fixed: - Pigeonhole was updated to version 0.5.11. - Dovecot was updated to version 2.3.11.3. This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1174920 SUSE bug 1180405 SUSE bug 1180406 CVE-2020-12100 CVE-2020-24386 CVE-2020-25275 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nextcloud fixes the following issues: - nextcloud was upgraded to version 20.0.7 - CVE-2020-8294: Fixed a missing link validation (boo#1181803) - CVE-2020-8295: Fixed a denial of service attack (boo#1181804) - CVE-2020-8293: Fixed an input validation issue (boo#1181445) Moderate SUSE bug 1181445 SUSE bug 1181803 SUSE bug 1181804 CVE-2020-8293 CVE-2020-8294 CVE-2020-8295 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for privoxy fixes the following issues: - Update to version 3.0.31: - Security/Reliability (boo#1181650) - Prevent an assertion from getting triggered by a crafted CGI request. Commit 5bba5b89193fa. OVE-20210130-0001. CVE-2021-20217 Reported by: Joshua Rogers (Opera) - Fixed a memory leak when decompression fails 'unexpectedly'. Commit f431d61740cc0. OVE-20210128-0001. CVE-2021-20216 - Bug fixes: - Fixed detection of insufficient data for decompression. Previously Privoxy could try to decompress a partly uninitialized buffer. Moderate SUSE bug 1181650 CVE-2021-20216 CVE-2021-20217 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Update to 88.0.4324.150 boo#1181827 - CVE-2021-21148: Heap buffer overflow in V8 Important SUSE bug 1181827 CVE-2021-21148 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-11-openjdk fixes the following issues: java-11-openjdk was upgraded to include January 2021 CPU (bsc#1181239) - Enable Sheandoah GC for x86_64 (jsc#ECO-3171) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1181239 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1176262 SUSE bug 1180686 SUSE bug 1181126 CVE-2019-20916 CVE-2021-3177 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for firejail fixes the following issues: firejail 0.9.64.4 is shipped to openSUSE Leap 15.2 - CVE-2021-26910: Fixed root privilege escalation due to race condition (boo#1181990) Update to 0.9.64.4: * disabled overlayfs, pending multiple fixes * fixed launch firefox for open url in telegram-desktop.profile Update to 0.9.64.2: * allow --tmpfs inside $HOME for unprivileged users * --disable-usertmpfs compile time option * allow AF_BLUETOOTH via --protocol=bluetooth * setup guide for new users: contrib/firejail-welcome.sh * implement netns in profiles * added nolocal6.net IPv6 network filter * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, npm, marker, yarn, lsar, unar, agetpkg, mdr, shotwell, qnapi, new profiles: guvcview, pkglog, kdiff3, CoyIM. Update to version 0.9.64: * replaced --nowrap option with --wrap in firemon * The blocking action of seccomp filters has been changed from killing the process to returning EPERM to the caller. To get the previous behaviour, use --seccomp-error-action=kill or syscall:kill syntax when constructing filters, or override in /etc/firejail/firejail.config file. * Fine-grained D-Bus sandboxing with xdg-dbus-proxy. xdg-dbus-proxy must be installed, if not D-Bus access will be allowed. With this version nodbus is deprecated, in favor of dbus-user none and dbus-system none and will be removed in a future version. * DHCP client support * firecfg only fix dektop-files if started with sudo * SELinux labeling support * custom 32-bit seccomp filter support * restrict ${RUNUSER} in several profiles * blacklist shells such as bash in several profiles * whitelist globbing * mkdir and mkfile support for /run/user directory * support ignore for include * --include on the command line * splitting up media players whitelists in whitelist-players.inc * new condition: HAS_NOSOUND * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl * new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc, mupdf-x11 * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool * new profiles: desktopeditors, impressive, planmaker18, planmaker18free * new profiles: presentations18, presentations18free, textmaker18, teams * new profiles: textmaker18free, xournal, gnome-screenshot, ripperX * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux * new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row * new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin * new profiles: gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars * new profiles: hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless * new profiles: mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers * new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski * new profiles: swell-foop, fdns, five-or-more, steam-runtime * new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper * new profiles: gapplication, openarena_ded, element-desktop, cawbird * new profiles: freetube, strawberry, jitsi-meet-desktop * new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash * new profiles: sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx * new profiles: minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar * new profiles: vmware, git-cola, otter-browser, kazam, menulibre, musictube * new profiles: onboard, fractal, mirage, quaternion, spectral, man, psi * new profiles: smuxi-frontend-gnome, balsa, kube, trojita, youtube * new profiles: youtubemusic-nativefier, cola, dbus-send, notify-send * new profiles: qrencode, ytmdesktop, twitch * new profiles: xournalpp, chromium-freeworld, equalx - Make the AppArmor profile compatible with AppArmor 3.0 (add missing include <tunables/global>) Update to 0.9.62.4 * fix AppArmor broken in the previous release * miscellaneous fixes Update to 0.9.62.2 * fix CVE-2020-17367 * fix CVE-2020-17368 Important SUSE bug 1181990 CVE-2020-17367 CVE-2020-17368 CVE-2021-26910 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for librepo fixes the following issues: - Upgrade to 1.12.1 + Validate path read from repomd.xml (bsc#1175475, CVE-2020-14352) - Changes from 1.12.0 + Prefer mirrorlist/metalink over baseurl (rh#1775184) + Decode package URL when using for local filename (rh#1817130) + Fix memory leak in lr_download_metadata() and lr_yum_download_remote() + Download sources work when at least one of specified is working (rh#1775184) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1175475 CVE-2020-14352 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969). - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) - CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730) Non-security issues fixed: - Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285). - Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401) - Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243 - Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708 - Update to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14 - Enable fish-completion - Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) - Update to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708 - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires. - Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurrious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support). - Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly. - Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243 - Add patch which makes libnetwork compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174075 SUSE bug 1176708 SUSE bug 1178801 SUSE bug 1178969 SUSE bug 1180243 SUSE bug 1180401 SUSE bug 1181730 SUSE bug 1181732 CVE-2020-15257 CVE-2021-21284 CVE-2021-21285 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for subversion fixes the following issues: - CVE-2020-17525: A null-pointer-dereference has been found in mod_authz_svn that results in a remote unauthenticated Denial-of-Service in some server configurations (bsc#1181687). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1181687 CVE-2020-17525 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1181742 CVE-2020-35498 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for wpa_supplicant fixes the following issues: - CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1181777 CVE-2021-0326 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: - Update to version 74.0.3911.107 - CHR-8311 Update chromium on desktop-stable-88-3911 to 88.0.4324.150 - DNA-90329 Implement client_capabilities negotiation for Flow / Sync - DNA-90560 [Search Tabs] Open Tabs On Top - DNA-90620 Add opauto tests for tab snoozing - DNA-90628 Update opauto tests after design changes - DNA-90818 Only 3 recently closed tabs are shown in a search mode - DNA-90911 Enable search-tabs-open-tabs-on-top on developer - DNA-90990 Crash at opera::AddressBarView::NotifyBoundsChanged() - DNA-90991 Opera doesn’t show version and ‘Relaunch’ button despite update is ready - DNA-91097 Crash at extensions::BrowserSidebarPrivateGetPremium ExtensionsInfoFunction::Run() - DNA-91163 [Win] “URL navigation filters” subpage doesn’t react on actions - DNA-91196 [Flow] Device capabilities is not properly saved in Local State - DNA-91276 Sidebar setup wont open - The update to chromium 88.0.4324.150 fixes following issues: - CVE-2021-21148 (1181827) Important SUSE bug 1181827 CVE-2021-21148 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mumble fixes the following issues: mumble was updated to 1.3.4: * Fix use of outdated (non-existent) notification icon names * Fix Security vulnerability caused by allowing non http/https URL schemes in public server list (boo#1182123) * Server: Fix Exit status for actions like --version or --supw * Fix packet loss & audio artifacts caused by OCB2 XEX* mitigation - update apparmor profiles to get warning free again on 15.2 - use abstractions for ssl files - allow inet dgram sockets as mumble can also work via udp - allow netlink socket (probably for dbus) - properly allow lsb_release again - add support for optional local include - start murmurd directly as user mumble-server it gets rid of the dac_override/setgid/setuid/chown permissions Update to upstream version 1.3.3 Client: * Fixed: Chatbox invisble (zero height) (#4388) * Fixed: Handling of invalid packet sizes (#4394) * Fixed: Race-condition leading to loss of shortcuts (#4430) * Fixed: Link in About dialog is now clickable again (#4454) * Fixed: Sizing issues in ACL-Editor (#4455) * Improved: PulseAudio now always samples at 48 kHz (#4449) Server: * Fixed: Crash due to problems when using PostgreSQL (#4370) * Fixed: Handling of invalid package sizes (#4392) Moderate SUSE bug 1180068 SUSE bug 1182123 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-bottle fixes the following issues: - CVE-2020-28473: Fixed Web Cache Poisoning vulnerability using parameter cloaking (bsc#1182181). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1182181 CVE-2020-28473 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1179748 SUSE bug 1181483 CVE-2020-27828 CVE-2021-3272 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for screen fixes the following issues: - CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1182092 CVE-2021-26937 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for php7 fixes the following issues: - CVE-2021-21702 [bsc#1182049]: NULL pointer dereference in SoapClient This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1182049 CVE-2021-21702 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for buildah, libcontainers-common, podman fixes the following issues: Changes in libcontainers-common: - Update common to 0.33.0 - Update image to 5.9.0 - Update podman to 2.2.1 - Update storage to 1.24.5 - Switch to seccomp profile provided by common instead of podman - Update containers.conf to match latest version Changes in buildah: Update to version 1.19.2: * Update vendor of containers/storage and containers/common * Buildah inspect should be able to inspect manifests * Make buildah push support pushing manifests lists and digests * Fix handling of TMPDIR environment variable * Add support for --manifest flags * Upper directory should match mode of destination directory * Only grab the OS, Arch if the user actually specified them * Use --arch and --os and --variant options to select architecture and os * Cirrus: Track libseccomp and golang version * copier.PutOptions: add an 'IgnoreDevices' flag * fix: `rmi --prune` when parent image is in store. * build(deps): bump github.com/containers/storage from 1.24.3 to 1.24.4 * build(deps): bump github.com/containers/common from 0.31.1 to 0.31.2 * Allow users to specify stdin into containers * Drop log message on failure to mount on /sys file systems to info * Spelling * SELinux no longer requires a tag. * build(deps): bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0 * build(deps): bump github.com/containers/common from 0.31.0 to 0.31.1 * Update nix pin with `make nixpkgs` * Switch references of /var/run -> /run * Allow FROM to be overriden with from option * copier: don't assume we can chroot() on Unixy systems * copier: add PutOptions.NoOverwriteDirNonDir, Get/PutOptions.Rename * copier: handle replacing directories with not-directories * copier: Put: skip entries with zero-length names * build(deps): bump github.com/containers/storage from 1.24.2 to 1.24.3 * Add U volume flag to chown source volumes * Turn off PRIOR_UBUNTU Test until vm is updated * pkg, cli: rootless uses correct isolation * build(deps): bump github.com/onsi/gomega from 1.10.3 to 1.10.4 * update installation doc to reflect current status * Move away from using docker.io * enable short-name aliasing * build(deps): bump github.com/containers/storage from 1.24.1 to 1.24.2 * build(deps): bump github.com/containers/common from 0.30.0 to 0.31.0 * Throw errors when using bogus --network flags * pkg/supplemented test: replace our null blobinfocache * build(deps): bump github.com/containers/common from 0.29.0 to 0.30.0 * inserts forgotten quotation mark * Not prefer use local image create/add manifest * Add container information to .containerenv * Add --ignorefile flag to use alternate .dockerignore flags * Add a source debug build * Fix crash on invalid filter commands * build(deps): bump github.com/containers/common from 0.27.0 to 0.29.0 * Switch to using containers/common pkg's * fix: non-portable shebang #2812 * Remove copy/paste errors that leaked `Podman` into man pages. * Add suggests cpp to spec file * Apply suggestions from code review * update docs for debian testing and unstable * imagebuildah: disable pseudo-terminals for RUN * Compute diffID for mapped-layer at creating image source * intermediateImageExists: ignore images whose history we can't read * Bump to v1.19.0-dev * build(deps): bump github.com/containers/common from 0.26.3 to 0.27.0 * Fix testing error caused by simultanious merge * Vendor in containers/storage v1.24.0 * short-names aliasing * Add --policy flag to buildah pull * Stop overwrapping and stuttering * copier.Get(): ignore ENOTSUP/ENOSYS when listing xattrs * Run: don't forcibly disable UTS namespaces in rootless mode * test: ensure non-directory in a Dockerfile path is handled correctly * Add a few tests for `pull` command * Fix buildah config --cmd to handle array * build(deps): bump github.com/containers/storage from 1.23.8 to 1.23.9 * Fix NPE when Dockerfile path contains non-directory entries * Update buildah bud man page from podman build man page * Move declaration of decryption-keys to common cli * Run: correctly call copier.Mkdir * util: digging UID/GID out of os.FileInfo should work on Unix * imagebuildah.getImageTypeAndHistoryAndDiffIDs: cache results * Verify userns-uid-map and userns-gid-map input * Use CPP, CC and flags in dep check scripts * Avoid overriding LDFLAGS in Makefile * ADD: handle --chown on URLs * Update nix pin with `make nixpkgs` * (*Builder).Run: MkdirAll: handle EEXIST error * copier: try to force loading of nsswitch modules before chroot() * fix MkdirAll usage * build(deps): bump github.com/containers/common from 0.26.2 to 0.26.3 * build(deps): bump github.com/containers/storage from 1.23.7 to 1.23.8 * Use osusergo build tag for static build * imagebuildah: cache should take image format into account * Bump to v1.18.0-dev Update to version 1.17.1: * copier.Get(): ignore ENOTSUP/ENOSYS when listing xattrs * copier: try to force loading of nsswitch modules before chroot() * ADD: handle --chown on URLs * imagebuildah: cache should take image format into account * Update CI configuration for the release-1.17 branch added cni to requires as its needed for buildah to run Update to v1.17.0 (boo#1165184) * Handle cases where other tools mount/unmount containers * overlay.MountReadOnly: support RO overlay mounts * overlay: use fusermount for rootless umounts * overlay: fix umount * Switch default log level of Buildah to Warn. Users need to see these messages * Drop error messages about OCI/Docker format to Warning level * build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2 * tests/testreport: adjust for API break in storage v1.23.6 * build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7 * build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6 * copier: put: ignore Typeflag='g' * Use curl to get repo file (fix #2714) * build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0 * build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1 * Remove docs that refer to bors, since we're not using it * Buildah bud should not use stdin by default * bump containerd, docker, and golang.org/x/sys * Makefile: cross: remove windows.386 target * copier.copierHandlerPut: don't check length when there are errors * Stop excessive wrapping * CI: require that conformance tests pass * bump(github.com/openshift/imagebuilder) to v1.1.8 * Skip tlsVerify insecure BUILD_REGISTRY_SOURCES * Fix build path wrong containers/podman#7993 * refactor pullpolicy to avoid deps * build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0 * CI: run gating tasks with a lot more memory * ADD and COPY: descend into excluded directories, sometimes * copier: add more context to a couple of error messages * copier: check an error earlier * copier: log stderr output as debug on success * Update nix pin with make nixpkgs * Set directory ownership when copied with ID mapping * build(deps): bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0 * build(deps): bump github.com/containers/common from 0.23.0 to 0.24.0 * Cirrus: Remove bors artifacts * Sort build flag definitions alphabetically * ADD: only expand archives at the right time * Remove configuration for bors * Shell Completion for podman build flags * Bump c/common to v0.24.0 * New CI check: xref --help vs man pages * CI: re-enable several linters * Move --userns-uid-map/--userns-gid-map description into buildah man page * add: preserve ownerships and permissions on ADDed archives * Makefile: tweak the cross-compile target * Bump containers/common to v0.23.0 * chroot: create bind mount targets 0755 instead of 0700 * Change call to Split() to safer SplitN() * chroot: fix handling of errno seccomp rules * build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0 * Add In Progress section to contributing * integration tests: make sure tests run in ${topdir}/tests * Run(): ignore containers.conf's environment configuration * Warn when setting healthcheck in OCI format * Cirrus: Skip git-validate on branches * tools: update git-validation to the latest commit * tools: update golangci-lint to v1.18.0 * Add a few tests of push command * Add(): fix handling of relative paths with no ContextDir * build(deps): bump github.com/containers/common from 0.21.0 to 0.22.0 * Lint: Use same linters as podman * Validate: reference HEAD * Fix buildah mount to display container names not ids * Update nix pin with make nixpkgs * Add missing --format option in buildah from man page * Fix up code based on codespell * build(deps): bump github.com/openshift/imagebuilder from 1.1.6 to 1.1.7 * build(deps): bump github.com/containers/storage from 1.23.4 to 1.23.5 * Improve buildah completions * Cirrus: Fix validate commit epoch * Fix bash completion of manifest flags * Uniform some man pages * Update Buildah Tutorial to address BZ1867426 * Update bash completion of manifest add sub command * copier.Get(): hard link targets shouldn't be relative paths * build(deps): bump github.com/onsi/gomega from 1.10.1 to 1.10.2 * Pass timestamp down to history lines * Timestamp gets updated everytime you inspect an image * bud.bats: use absolute paths in newly-added tests * contrib/cirrus/lib.sh: don't use CN for the hostname * tests: Add some tests * Update manifest add man page * Extend flags of manifest add * build(deps): bump github.com/containers/storage from 1.23.3 to 1.23.4 * build(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1 * Bump to v1.17.0-dev * CI: expand cross-compile checks - SLE: Remove unneeded patch: CVE-2019-10214.patch Update to v1.16.2 * fix build on 32bit arches * containerImageRef.NewImageSource(): don't always force timestamps * Add fuse module warning to image readme * Heed our retry delay option values when retrying commit/pull/push * Switch to containers/common for seccomp * Use --timestamp rather then --omit-timestamp * docs: remove outdated notice * docs: remove outdated notice * build-using-dockerfile: add a hidden --log-rusage flag * build(deps): bump github.com/containers/image/v5 from 5.5.1 to 5.5.2 * Discard ReportWriter if user sets options.Quiet * build(deps): bump github.com/containers/common from 0.19.0 to 0.20.3 * Fix ownership of content copied using COPY --from * newTarDigester: zero out timestamps in tar headers * Update nix pin with `make nixpkgs` * bud.bats: correct .dockerignore integration tests * Use pipes for copying * run: include stdout in error message * run: use the correct error for errors.Wrapf * copier: un-export internal types * copier: add Mkdir() * in_podman: don't get tripped up by $CIRRUS_CHANGE_TITLE * docs/buildah-commit.md: tweak some wording, add a --rm example * imagebuildah: don’t blank out destination names when COPYing * Replace retry functions with common/pkg/retry * StageExecutor.historyMatches: compare timestamps using .Equal * Update vendor of containers/common * Fix errors found in coverity scan * Change namespace handling flags to better match podman commands * conformance testing: ignore buildah.BuilderIdentityAnnotation labels * Vendor in containers/storage v1.23.0 * Add buildah.IsContainer interface * Avoid feeding run_buildah to pipe * fix(buildahimage): add xz dependency in buildah image * Bump github.com/containers/common from 0.15.2 to 0.18.0 * Howto for rootless image building from OpenShift * Add --omit-timestamp flag to buildah bud * Update nix pin with `make nixpkgs` * Shutdown storage on failures * Handle COPY --from when an argument is used * Bump github.com/seccomp/containers-golang from 0.5.0 to 0.6.0 * Cirrus: Use newly built VM images * Bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc92 * Enhance the .dockerignore man pages * conformance: add a test for COPY from subdirectory * fix bug manifest inspct * Add documentation for .dockerignore * Add BuilderIdentityAnnotation to identify buildah version * DOC: Add quay.io/containers/buildah image to README.md * Update buildahimages readme * fix spelling mistake in 'info' command result display * Don't bind /etc/host and /etc/resolv.conf if network is not present * blobcache: avoid an unnecessary NewImage() * Build static binary with `buildGoModule` * copier: split StripSetidBits into StripSetuidBit/StripSetgidBit/StripStickyBit * tarFilterer: handle multiple archives * Fix a race we hit during conformance tests * Rework conformance testing * Update 02-registries-repositories.md * test-unit: invoke cmd/buildah tests with --flags * parse: fix a type mismatch in a test * Fix compilation of tests/testreport/testreport * build.sh: log the version of Go that we're using * test-unit: increase the test timeout to 40/45 minutes * Add the 'copier' package * Fix & add notes regarding problematic language in codebase * Add dependency on github.com/stretchr/testify/require * CompositeDigester: add the ability to filter tar streams * BATS tests: make more robust * vendor golang.org/x/text@v0.3.3 * Switch golang 1.12 to golang 1.13 * imagebuildah: wait for stages that might not have even started yet * chroot, run: not fail on bind mounts from /sys * chroot: do not use setgroups if it is blocked * Set engine env from containers.conf * imagebuildah: return the right stage's image as the 'final' image * Fix a help string * Deduplicate environment variables * switch containers/libpod to containers/podman * Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3 * Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0 * Mask out /sys/dev to prevent information leak * linux: skip errors from the runtime kill * Mask over the /sys/fs/selinux in mask branch * Add VFS additional image store to container * tests: add auth tests * Allow 'readonly' as alias to 'ro' in mount options * Ignore OS X specific consistency mount option * Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0 * Bump github.com/containers/common from 0.14.0 to 0.15.2 * Rootless Buildah should default to IsolationOCIRootless * imagebuildah: fix inheriting multi-stage builds * Make imagebuildah.BuildOptions.Architecture/OS optional * Make imagebuildah.BuildOptions.Jobs optional * Resolve a possible race in imagebuildah.Executor.startStage() * Switch scripts to use containers.conf * Bump openshift/imagebuilder to v1.1.6 * Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5 * buildah, bud: support --jobs=N for parallel execution * executor: refactor build code inside new function * Add bud regression tests * Cirrus: Fix missing htpasswd in registry img * docs: clarify the 'triples' format * CHANGELOG.md: Fix markdown formatting * Add nix derivation for static builds Update to v1.15.1 * Mask over the /sys/fs/selinux in mask branch * chroot: do not use setgroups if it is blocked * chroot, run: not fail on bind mounts from /sys * Allow 'readonly' as alias to 'ro' in mount options * Add VFS additional image store to container * vendor golang.org/x/text@v0.3.3 * Make imagebuildah.BuildOptions.Architecture/OS optional Update to v1.15.0 * Add CVE-2020-10696 to CHANGELOG.md and changelog.txt * fix lighttpd example * remove dependency on openshift struct * Warn on unset build arguments * vendor: update seccomp/containers-golang to v0.4.1 * Updated docs * clean up comments * update exit code for tests * Implement commit for encryption * implementation of encrypt/decrypt push/pull/bud/from * fix resolve docker image name as transport * Add preliminary profiling support to the CLI * Evaluate symlinks in build context directory * fix error info about get signatures for containerImageSource * Add Security Policy * Cirrus: Fixes from review feedback * imagebuildah: stages shouldn't count as their base images * Update containers/common v0.10.0 * Add registry to buildahimage Dockerfiles * Cirrus: Use pre-installed VM packages + F32 * Cirrus: Re-enable all distro versions * Cirrus: Update to F31 + Use cache images * golangci-lint: Disable gosimple * Lower number of golangci-lint threads * Fix permissions on containers.conf * Don't force tests to use runc * Return exit code from failed containers * cgroup_manager should be under [engine] * Use c/common/pkg/auth in login/logout * Cirrus: Temporarily disable Ubuntu 19 testing * Add containers.conf to stablebyhand build * Update gitignore to exclude test Dockerfiles * Remove warning for systemd inside of container - Add patch for CVE-2019-10214. boo#1144065 + CVE-2019-10214.patch Changes in podman: Update to v2.2.1 * Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using --mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volume will not have them in v2.2.1, and these containers will need to be re-created. * Bugfixes - Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers. - Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498). - Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug. * API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig. - Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the 'default' value for NetworkMode (this value is used extensively by docker-compose) (#8544). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag. * Misc - Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0 Update to v2.2.0 * Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here. - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created. - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks. - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855). - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742). - The podman play kube command now supports persistent volumes claims using Podman named volumes. - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567). - The podman play kube command now supports a --log-driver option to set the log driver for created containers. - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles. - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302). - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757). - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added. - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434). - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097). - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster. - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository. - The podman search command can now output JSON using the --format=json option. - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The --tls-verify and --authfile options have been enabled for use with remote Podman. - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095). - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option. - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option. - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable. - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match. - The podman pod ps command now supports a new filter status, that matches pods in a certain state. * Changes - The podman network rm --force command will now also remove pods that are using the network (#7791). - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given. - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release. - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941). - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659). - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container. - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906). - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657). - The podman network rm command now has a new alias, podman network remove (#8402). * Bugfixes - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776). - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior. - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789). - Fixed a bug where the podman untag --all command was not supported with remote Podman. - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826). - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798). - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381). - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837). - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872). - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476). - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878). - Fixed a bug where the --format 'table {{ .Field }}' option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886). - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490). - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807). - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830). - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751). - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004). - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026). - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted. - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038). - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979). - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations. - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054). - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073). - Fixed a bug where the podman ps command did not include information on all ports a container was publishing. - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions. - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088). - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089). - Fixed a bug where the --extract option to podman cp was nonfunctional. - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091). - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148). - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139). - Fixed a bug where the podman attach command would not exit when containers stopped (#8154). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160). - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159). - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023). - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181). - Fixed a bug where filters passed to podman volume list were not inclusive (#6765). - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253). - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221). - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322). - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332). - Fixed a bug where the podman stats command did not show memory limits for containers (#8265). - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386). - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it). - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491). - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473). - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385). - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck. - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448). - Fixed a bug where the podman container ps alias for podman ps was missing (#8445). * API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946). - Fixed a bug where the 'no such image' error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter. Moderate SUSE bug 1144065 SUSE bug 1165184 CVE-2019-10214 CVE-2020-10696 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tor fixes the following issues: tor was updated to 0.4.5.6: * https://lists.torproject.org/pipermail/tor-announce/2021-February/000214.html * Introduce a new MetricsPort HTTP interface * Support IPv6 in the torrc Address option * Add event-tracing library support for USDT and LTTng-UST * Try to read N of N bytes on a TLS connection tor was updated to 0.4.4.7: * https://blog.torproject.org/node/1990 * Stop requiring a live consensus for v3 clients and services * Re-entry into the network is now denied at the Exit level * Fix undefined behavior on our Keccak library * Strip '\r' characters when reading text files on Unix platforms * Handle partial SOCKS5 messages correctly * Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741) Moderate SUSE bug 1178741 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-djangorestframework fixes the following issues: Update to 3.11.2 * Security: Drop urlize_quoted_links template tag in favour of Django's built-in urlize. Removes a XSS vulnerability for some kinds of content in the browsable API. (boo#1177205, CVE-2020-25626) * update Django for APIs book to 3.0 edition * decode base64 credentials as utf8; adjust tests * Remove compat urls for Django < 2.0 Important SUSE bug 1177205 CVE-2020-25626 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tomcat fixes the following issues: - CVE-2021-24122: Fixed an information disclosure if resources are served from the NTFS file system (bsc#1180947). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1180947 CVE-2021-24122 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python3 fixes the following issues: - CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Moderate SUSE bug 1176262 SUSE bug 1179756 SUSE bug 1180686 SUSE bug 1181126 CVE-2019-20916 CVE-2021-3177 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.7.1 ESR (bsc#1181848) - Fixed: Prevent access to NTFS special paths that could lead to filesystem corruption. - Buffer overflow in depth pitch calculations for compressed textures Low SUSE bug 1181848 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for postgresql, postgresql13 fixes the following issues: This update ships postgresql13. Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/13/release-13-1.html Initial packaging of PostgreSQL 13: * https://www.postgresql.org/about/news/2077/ * https://www.postgresql.org/docs/13/release-13.html - bsc#1178961: %ghost the symlinks to pg_config and ecpg. Changes in postgresql wrapper package: - Bump major version to 13. - We also transfer PostgreSQL 9.4.26 to the new package layout in SLE12-SP2 and newer. Reflect this in the conflict with postgresql94. - Also conflict with PostgreSQL versions before 9. - Conflicting with older versions is not limited to SLE. This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 SUSE bug 1178961 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nghttp2 fixes the following issues: nghttp2 was update to version 1.40.0 (bsc#1166481) - lib: Add nghttp2_check_authority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of static and dynamic lib - build: Add new flag ENABLE_STATIC_CRT for Windows - build: cmake: Support building nghttpx with systemd - third-party: Update neverbleed to fix memory leak - nghttpx: Fix bug that mruby is incorrectly shared between backends - nghttpx: Reconnect h1 backend if it lost connection before sending headers - nghttpx: Returns 408 if backend timed out before sending headers - nghttpx: Fix request stal This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1159003 SUSE bug 1166481 CVE-2019-18802 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gnuplot fixes the following issues: - CVE-2020-25559: Fixed double free when executing print_set_output() (bsc#1176689). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1176689 CVE-2020-25559 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Allow `extra_filerefs` as sanitized `kwargs` for SSH client - Fix errors with virt.update - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - virt: search for `grub.xen` path - Xen spicevmc, DNS SRV records backports: - Fix virtual network generated DNS XML for SRV records - Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when `efi=True` This update was imported from the SUSE:SLE-15-SP2:Update update project. Critical SUSE bug 1181550 SUSE bug 1181556 SUSE bug 1181557 SUSE bug 1181558 SUSE bug 1181559 SUSE bug 1181560 SUSE bug 1181561 SUSE bug 1181562 SUSE bug 1181563 SUSE bug 1181564 SUSE bug 1181565 SUSE bug 1182740 CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for pcp fixes the following issues: - Drop unnecessary %pre/%post recursive chown calls (bsc#1152533) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1152533 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1182066 CVE-2020-36242 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs14 fixes the following issues: - New upstream LTS version 14.16.0: * CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619) * CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1182619 SUSE bug 1182620 CVE-2021-22883 CVE-2021-22884 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs12 fixes the following issues: New upstream LTS version 12.21.0: - CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619) - CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620) - CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate (bsc#1182333) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1182333 SUSE bug 1182619 SUSE bug 1182620 CVE-2021-22883 CVE-2021-22884 CVE-2021-23840 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178386 SUSE bug 1179694 SUSE bug 1179721 SUSE bug 1180038 SUSE bug 1181505 SUSE bug 1182117 CVE-2019-25013 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2021-3326 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for qemu fixes the following issues: - Fixed potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fixed out-of-bound access in iscsi (CVE-2020-11947 bsc#1180523) - Fixed out-of-bound access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) - Fixed out-of-bound access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) - Fixed vfio-pci device on s390 enters error state (bsc#1179717 bsc#1179719) - Fixed 'Failed to try-restart qemu-ga@.service' error while updating the qemu-guest-agent. (bsc#1178565) - Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. Add more qemu tracing which helped track down these issues (bsc#1178049) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1178049 SUSE bug 1178565 SUSE bug 1179717 SUSE bug 1179719 SUSE bug 1180523 SUSE bug 1181639 SUSE bug 1181933 SUSE bug 1182137 CVE-2020-11947 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh (bsc#1180827) - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Add sudo to requires: used to drop privileges. This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1180827 CVE-2021-26720 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs10 fixes the following issues: New upstream LTS version 10.24.0: - CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619) - CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620) - CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate (bsc#1182333) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1182333 SUSE bug 1182619 SUSE bug 1182620 CVE-2021-22883 CVE-2021-22884 CVE-2021-23840 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.8.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-08 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1182357 SUSE bug 1182614 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u282 (icedtea 3.18.0) * January 2021 CPU (bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803) * Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux + JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + JDK-8030350: Enable additional compiler warnings for GCC + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows + JDK-8036122: Fix warning 'format not a string literal' + JDK-8051853: new URI('x/').resolve('..').getSchemeSpecificPart() returns null! + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/ /DefaultNoDrop.java locks on Windows + JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java as headful + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8148916: Mark bug6400879.java as intermittently failing + JDK-8148983: Fix extra comma in changes for JDK-8148916 + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + JDK-8165808: Add release barriers when allocating objects with concurrent collection + JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + JDK-8207766: [testbug] Adapt tests for Aix. + JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + JDK-8220657: JFR.dump does not work when filename is set + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232114: JVM crashed at imjpapi.dll in native code + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + JDK-8234339: replace JLI_StrTok in java_md_solinux.c + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8242335: Additional Tests for RSASSA-PSS + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8245400: Upgrade to LittleCMS 2.11 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8249176: Update GlobalSignR6CA test certificates + JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + JDK-8250928: JFR: Improve hash algorithm for stack traces + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + JDK-8252497: Incorrect numeric currency code for ROL + JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + JDK-8253284: Zero OrderAccess barrier mappings are incorrect + JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + JDK-8253752: test/sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java fails randomly + JDK-8254081: java/security/cert/PolicyNode/ /GetPolicyQualifiers.java fails due to an expired certificate + JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/ /WorkerDeadlockTest.java fails + JDK-8255003: Build failures on Solaris This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1181239 CVE-2020-14803 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246] This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1182246 CVE-2020-8625 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for webkit2gtk3 fixes the following issues: Update to version 2.30.5 (bsc#1182286): + Bring back the WebKitPluginProcess installation that was removed by mistake. + Fix RunLoop objects leaked in worker threads. + Fix aarch64 llint build with JIT disabled. + Use Internet Explorer quirk for Google Docs. + Security fixes: CVE-2020-13558. This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1182286 CVE-2020-13558 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ImageMagick fixes the following issues: - CVE-2021-20241 [bsc#1182335]: Division by zero in WriteJP2Image() in coders/jp2.c - CVE-2021-20243 [bsc#1182336]: Division by zero in GetResizeFilterWeight in MagickCore/resize.c - CVE-2021-20244 [bsc#1182325]: Division by zero in ImplodeImage in MagickCore/visual-effects.c - CVE-2021-20246 [bsc#1182337]: Division by zero in ScaleResampleFilter in MagickCore/resample.c This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1182325 SUSE bug 1182335 SUSE bug 1182336 SUSE bug 1182337 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20246 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mbedtls fixes the following issues: - mbedtls was updated to version 2.16.9 - CVE-2020-10932: Fixed side channel in ECC code that allowed an adversary with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) to fully recover an ECDSA private key (boo#1181468). Moderate SUSE bug 1181468 CVE-2020-10932 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for bind fixes the following issues: - dnssec-keygen can no longer generate HMAC keys. Use tsig-keygen instead. [bsc#1180933] This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1180933 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.8 * fixed: Importing an address book from a CSV file always reported an error * fixed: Security information for S/MIME messages was not displayed correctly prior to a draft being saved * fixed: Calendar: FileLink UI fixes for Caldav calendars * fixed: Recurring tasks were always marked incomplete; unable to use filters * fixed: Various UI widgets not working * fixed: Dark theme improvements * fixed: Extension manager was missing link to addon support web page * fixed: Various security fixes MFSA 2021-09 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Thunderbird 78.8 This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1182357 SUSE bug 1182614 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs8 fixes the following issues: - CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1182620 CVE-2021-22884 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gnome-autoar fixes the following issues: - CVE-2020-36241: Skip problematic files that might be extracted outside of the destination dir to prevent potential directory traversal (bsc#1181930). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1181930 CVE-2020-36241 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Update to 89.0.4389.72 (boo#1182358, boo#1182960): - CVE-2021-21159: Heap buffer overflow in TabStrip. - CVE-2021-21160: Heap buffer overflow in WebAudio. - CVE-2021-21161: Heap buffer overflow in TabStrip. - CVE-2021-21162: Use after free in WebRTC. - CVE-2021-21163: Insufficient data validation in Reader Mode. - CVE-2021-21164: Insufficient data validation in Chrome for iOS. - CVE-2021-21165: Object lifecycle issue in audio. - CVE-2021-21166: Object lifecycle issue in audio. - CVE-2021-21167: Use after free in bookmarks. - CVE-2021-21168: Insufficient policy enforcement in appcache. - CVE-2021-21169: Out of bounds memory access in V8. - CVE-2021-21170: Incorrect security UI in Loader. - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation. - CVE-2021-21172: Insufficient policy enforcement in File System API. - CVE-2021-21173: Side-channel information leakage in Network Internals. - CVE-2021-21174: Inappropriate implementation in Referrer. - CVE-2021-21175: Inappropriate implementation in Site isolation. - CVE-2021-21176: Inappropriate implementation in full screen mode. - CVE-2021-21177: Insufficient policy enforcement in Autofill. - CVE-2021-21178: Inappropriate implementation in Compositing. - CVE-2021-21179: Use after free in Network Internals. - CVE-2021-21180: Use after free in tab search. - CVE-2020-27844: Heap buffer overflow in OpenJPEG. - CVE-2021-21181: Side-channel information leakage in autofill. - CVE-2021-21182: Insufficient policy enforcement in navigations. - CVE-2021-21183: Inappropriate implementation in performance APIs. - CVE-2021-21184: Inappropriate implementation in performance APIs. - CVE-2021-21185: Insufficient policy enforcement in extensions. - CVE-2021-21186: Insufficient policy enforcement in QR scanning. - CVE-2021-21187: Insufficient data validation in URL formatting. - CVE-2021-21188: Use after free in Blink. - CVE-2021-21189: Insufficient policy enforcement in payments. - CVE-2021-21190: Uninitialized Use in PDFium. - CVE-2021-21149: Stack overflow in Data Transfer. - CVE-2021-21150: Use after free in Downloads. - CVE-2021-21151: Use after free in Payments. - CVE-2021-21152: Heap buffer overflow in Media. - CVE-2021-21153: Stack overflow in GPU Process. - CVE-2021-21154: Heap buffer overflow in Tab Strip. - CVE-2021-21155: Heap buffer overflow in Tab Strip. - CVE-2021-21156: Heap buffer overflow in V8. - CVE-2021-21157: Use after free in Web Sockets. - Fixed Sandbox with glibc 2.33 (boo#1182233) - Fixed an issue where chromium hangs on opening (boo#1182775). Important SUSE bug 1182233 SUSE bug 1182358 SUSE bug 1182775 CVE-2020-27844 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156 CVE-2021-21157 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21164 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Linux Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially enable an escalation of privilege via local access (bsc#1181720). - CVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181735). - CVE-2020-12364: Fixed a null pointer reference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181736 ). - CVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181738). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428). The following non-security bugs were fixed: - ACPICA: Fix exception code class checks (git-fixes). - ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes). - ACPI: property: Fix fwnode string properties matching (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 2) (git-fixes). - ALSA: hda: Add another CometLake-H PCI ID (git-fixes). - ALSA: hda/hdmi: Drop bogus check at closing a stream (git-fixes). - ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes). - ALSA: pcm: Assure sync with the pending stop operation at suspend (git-fixes). - ALSA: pcm: Call sync_stop at disconnection (git-fixes). - ALSA: pcm: Do not call sync_stop if it hasn't been stopped (git-fixes). - ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10 (git-fixes). - ALSA: usb-audio: Correct document for snd_usb_endpoint_free_all() (git-fixes). - ALSA: usb-audio: Do not avoid stopping the stream at disconnection (git-fixes). - ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes). - ALSA: usb-audio: Handle invalid running state at releasing EP (git-fixes). - ALSA: usb-audio: More strict state change in EP (git-fixes). - amba: Fix resource leak for drivers without .remove (git-fixes). - arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560) - armv7hl: lpae: Update config files. Disable KVM support (bsc#1182697) - ASoC: cpcap: fix microphone timeslot mask (git-fixes). - ASoC: cs42l56: fix up error handling in probe (git-fixes). - ASoC: simple-card-utils: Fix device module clock (git-fixes). - ASoC: SOF: debug: Fix a potential issue on string buffer termination (git-fixes). - ata: ahci_brcm: Add back regulators management (git-fixes). - ata: sata_nv: Fix retrieving of active qcs (git-fixes). - ath10k: Fix error handling in case of CE pipe init failure (git-fixes). - ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes). - bcache: fix overflow in offset_to_stripe() (git-fixes). - blk-mq: call commit_rqs while list empty but error happen (bsc#1182442). - blk-mq: insert request not through ->queue_rq into sw/scheduler queue (bsc#1182443). - blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue (bsc#1182444). - block: fix inflight statistics of part0 (bsc#1182445). - block: respect queue limit of max discard segment (bsc#1182441). - block: virtio_blk: fix handling single range discard request (bsc#1182439). - Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (git-fixes). - Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv (git-fixes). - Bluetooth: drop HCI device reference before return (git-fixes). - Bluetooth: Fix initializing response id after clearing struct (git-fixes). - Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes). - Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes). - bnxt_en: Fix accumulation of bp->net_stats_prev (git-fixes). - bnxt_en: fix error return code in bnxt_init_board() (git-fixes). - bnxt_en: fix error return code in bnxt_init_one() (git-fixes). - bnxt_en: Improve stats context resource accounting with RDMA driver loaded (git-fixes). - bnxt_en: read EEPROM A2h address using page 0 (git-fixes). - bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes). - bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes). - bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes). - bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes). - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou (bsc#1155518). - bpf, cgroup: Fix problematic bounds check (bsc#1155518). - btrfs: add assertion for empty list of transactions at late stage of umount (bsc#1182626). - btrfs: Cleanup try_flush_qgroup (bsc#1182047). - btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574). - btrfs: fix race between RO remount and the cleaner task (bsc#1182626). - btrfs: fix transaction leak and crash after cleaning up orphans on RO mount (bsc#1182626). - btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan (bsc#1182626). - btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: lift read-write mount setup from mount and remount (bsc#1182626). - btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: run delayed iputs when remounting RO to avoid leaking them (bsc#1182626). - btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047). - caif: no need to check return value of debugfs_create functions (git-fixes). - ceph: fix flush_snap logic after putting caps (bsc#1182854). - cgroup: Fix memory leak when parsing multiple source parameters (bsc#1182683). - cgroup: fix psi monitor for root cgroup (bsc#1182686). - cgroup-v1: add disabled controller check in cgroup1_parse_param() (bsc#1182684). - chelsio/chtls: correct function return and return type (git-fixes). - chelsio/chtls: correct netdevice for vlan interface (git-fixes). - chelsio/chtls: fix a double free in chtls_setkey() (git-fixes). - chelsio/chtls: fix always leaking ctrl_skb (git-fixes). - chelsio/chtls: fix deadlock issue (git-fixes). - chelsio/chtls: fix memory leaks caused by a race (git-fixes). - chelsio/chtls: fix memory leaks in CPL handlers (git-fixes). - chelsio/chtls: fix panic during unload reload chtls (git-fixes). - chelsio/chtls: fix socket lock (git-fixes). - chelsio/chtls: fix tls record info to user (git-fixes). - Cherry-pick ibmvnic patches from SP3 (jsc#SLE-17268). - chtls: Added a check to avoid NULL pointer dereference (git-fixes). - chtls: Fix chtls resources release sequence (git-fixes). - chtls: Fix hardware tid leak (git-fixes). - chtls: Fix panic when route to peer not configured (git-fixes). - chtls: Remove invalid set_tcb call (git-fixes). - chtls: Replace skb_dequeue with skb_peek (git-fixes). - cifs: check all path components in resolved dfs target (bsc#1181710). - cifs: fix nodfs mount option (bsc#1181710). - cifs: introduce helper for finding referral server (bsc#1181710). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL (git-fixes). - clk: meson: clk-pll: make 'ret' a signed integer (git-fixes). - clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate() (git-fixes). - clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs (git-fixes). - clk: sunxi-ng: h6: Fix CEC clock (git-fixes). - clk: sunxi-ng: h6: Fix clock divider range on some clocks (git-fixes). - clk: sunxi-ng: mp: fix parent rate change flag check (git-fixes). - clocksource/drivers/ixp4xx: Select TIMER_OF when needed (git-fixes). - cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove() (git-fixes). - cpufreq: brcmstb-avs-cpufreq: Free resources in error path (git-fixes). - cpuset: fix race between hotplug work and later CPU offline (bsc#1182676). - crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() (git-fixes). - crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) (git-fixes). - cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes). - cxgb4: fix all-mask IP address comparison (git-fixes). - cxgb4: fix checks for max queues to allocate (git-fixes). - cxgb4: fix endian conversions for L4 ports in filters (git-fixes). - cxgb4: fix set but unused variable when DCB is disabled (git-fixes). - cxgb4: fix SGE queue dump destination buffer context (git-fixes). - cxgb4: fix the panic caused by non smac rewrite (git-fixes). - cxgb4: move DCB version extern to header file (git-fixes). - cxgb4: move handling L2T ARP failures to caller (git-fixes). - cxgb4: move PTP lock and unlock to caller in Tx path (git-fixes). - cxgb4: parse TC-U32 key values and masks natively (git-fixes). - cxgb4: remove cast when saving IPv4 partial checksum (git-fixes). - cxgb4: set up filter action after rewrites (git-fixes). - cxgb4: use correct type for all-mask IP address comparison (git-fixes). - cxgb4: use unaligned conversion for fetching timestamp (git-fixes). - dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function (git-fixes). - dmaengine: fsldma: Fix a resource leak in the remove function (git-fixes). - dmaengine: hsu: disable spurious interrupt (git-fixes). - dmaengine: owl-dma: Fix a resource leak in the remove function (git-fixes). - dm crypt: avoid truncating the logical block size (git-fixes). - dm: fix bio splitting and its bio completion order for regular IO (git-fixes). - dm thin: fix use-after-free in metadata_pre_commit_callback (bsc#1177529). - dm thin metadata: Avoid returning cmd->bm wild pointer on error (bsc#1177529). - dm thin metadata: fix lockdep complaint (bsc#1177529). - dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1177529). - dm: use noio when sending kobject event (bsc#1177529). - docs: filesystems: vfs: correct flag name (bsc#1182856). - dpaa2-eth: fix return codes used in ndo_setup_tc (git-fixes). - Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes). - drivers: net: davinci_mdio: fix potential NULL dereference in davinci_mdio_probe() (git-fixes). - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] (git-fixes). - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs (git-fixes). - drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping (git-fixes). - drm/amd/display: Decrement refcount of dc_sink before reassignment (git-fixes). - drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction (git-fixes). - drm/amd/display: Fix dc_sink kref count in emulated_link_detect (git-fixes). - drm/amd/display: Fix HDMI deep color output for DCE 6-11 (git-fixes). - drm/amd/display: Free atomic state after drm_atomic_commit (git-fixes). - drm/amd/display: Revert 'Fix EDID parsing after resume from suspend' (git-fixes). - drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition (git-fixes). - drm/fb-helper: Add missed unlocks in setcmap_legacy() (git-fixes). - drm/gma500: Fix error return code in psb_driver_load() (git-fixes). - drm/meson: Unbind all connectors on module removal (bsc#1152472) - drm/sun4i: dw-hdmi: always set clock rate (bsc#1152472) - drm/sun4i: dw-hdmi: Fix max. frequency for H6 (bsc#1152472) - drm/sun4i: Fix H6 HDMI PHY configuration (bsc#1152472) - drm/sun4i: tcon: set sync polarity for tcon1 channel (bsc#1152472) - drm/vc4: hvs: Fix buffer overflow with the dlist handling (bsc#1152489) - exec: Always set cap_ambient in cap_bprm_set_creds (git-fixes). - exfat: Avoid allocating upcase table using kcalloc() (git-fixes). - ext4: do not remount read-only with errors=continue on reboot (bsc#1182464). - ext4: fix a memory leak of ext4_free_data (bsc#1182447). - ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449). - ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463). - ext4: fix superblock checksum failure when setting password salt (bsc#1182465). - ext4: prevent creating duplicate encrypted filenames (bsc#1182446). - fgraph: Initialize tracing_graph_pause at task creation (git-fixes). - firmware_loader: align .builtin_fw to 8 (git-fixes). - fscrypt: add fscrypt_is_nokey_name() (bsc#1182446). - fscrypt: rename DCACHE_ENCRYPTED_NAME to DCACHE_NOKEY_NAME (bsc#1182446). - fs: fix lazytime expiration handling in __writeback_single_inode() (bsc#1182466). - gma500: clean up error handling in init (git-fixes). - gpio: pcf857x: Fix missing first interrupt (git-fixes). - HID: core: detect and skip invalid inputs to snto32() (git-fixes). - HID: make arrays usage and value to be the same (git-fixes). - HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes). - hwrng: timeriomem - Fix cooldown period calculation (git-fixes). - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes). - i2c: iproc: handle only slave interrupts which are enabled (git-fixes). - i2c: mediatek: Move suspend and resume handling to NOIRQ phase (git-fixes). - i2c: stm32f7: fix configuration of the digital filter (git-fixes). - i3c: master: dw: Drop redundant disec call (git-fixes). - i40e: acquire VSI pointer only after VF is initialized (jsc#SLE-8025). - i40e: avoid premature Rx buffer reuse (git-fixes). - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes). - i40e: Fix MAC address setting for a VF via Host/VM (git-fixes). - i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes). - i40e: Revert 'i40e: do not report link up for a VF who hasn't enabled queues' (jsc#SLE-8025). - iavf: fix double-release of rtnl_lock (git-fixes). - iavf: fix error return code in iavf_init_get_resources() (git-fixes). - iavf: fix speed reporting over virtchnl (git-fixes). - iavf: Fix updating statistics (git-fixes). - ibmvnic: add memory barrier to protect long term buffer (bsc#1182485 ltc#191591). - ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1182485 ltc#191591). - ibmvnic: Clean up TX code and TX buffer data structure (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997). - ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Correctly re-enable interrupts in NAPI polling routine (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: create send_control_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: create send_query_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: device remove has higher precedence over reset (bsc#1065729). - ibmvnic: Do not replenish RX buffers after every polling loop (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1182485 ltc#191591). - ibmvnic: Ensure that device queue memory is cache-line aligned (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Ensure that SCRQ entry reads are correctly ordered (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293). - ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631). - ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix rx buffer tracking and index management in replenish_rx_pool partial success (bsc#1179929 ltc#189960). - ibmvnic: Fix TX completion error handling (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Fix use-after-free of VNIC login response buffer (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: handle inconsistent login with reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Harden device Command Response Queue handshake (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce batched RX buffer descriptor transmission (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce indirect subordinate Command Response Queue buffer (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce xmit_more support using batched subCRQ hcalls (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: no reset timeout for 5 seconds after reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: reduce wait for completion time (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: remove never executed if statement (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Remove send_subcrq function (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename send_cap_queries to send_query_cap (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename send_map_query to send_query_map (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: send_login should check for crq errors (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: serialize access to work queue on remove (bsc#1065729). - ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes). - ibmvnic: skip send_request_unmap for timeout reset (bsc#1182485 ltc#191591). - ibmvnic: skip tx timeout reset while in resetting (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: stop free_all_rwi on failed reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: track pending login (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: update MAINTAINERS (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (jsc#SLE-17043 bsc#1179243 ltc#189290). - ice: Do not allow more channels than LAN MSI-X available (jsc#SLE-7926). - ice: Fix MSI-X vector fallback logic (jsc#SLE-7926). - igc: check return value of ret_val in igc_config_fc_after_link_up (git-fixes). - igc: fix link speed advertising (git-fixes). - igc: Fix returning wrong statistics (git-fixes). - igc: Report speed and duplex as unknown when device is runtime suspended (git-fixes). - igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (git-fixes). - include/linux/memremap.h: remove stale comments (git-fixes). - Input: elo - fix an error code in elo_connect() (git-fixes). - Input: i8042 - unbreak Pegatron C15B (git-fixes). - Input: joydev - prevent potential read overflow in ioctl (git-fixes). - Input: sur40 - fix an error code in sur40_probe() (git-fixes). - Input: xpad - sync supported devices with fork on GitHub (git-fixes). - iwlwifi: mvm: do not send RFH_QUEUE_CONFIG_CMD with no queues (git-fixes). - iwlwifi: mvm: guard against device removal in reprobe (git-fixes). - iwlwifi: mvm: invalidate IDs of internal stations at mvm start (git-fixes). - iwlwifi: mvm: skip power command when unbinding vif during CSA (git-fixes). - iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() (git-fixes). - iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap (git-fixes). - iwlwifi: pcie: fix context info memory leak (git-fixes). - iwlwifi: pcie: reschedule in long-running memory reads (git-fixes). - iwlwifi: pcie: use jiffies for memory read spin time limit (git-fixes). - ixgbe: avoid premature Rx buffer reuse (git-fixes). - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (git-fixes). - kABI: Fix kABI after AMD SEV PCID fixes (bsc#1178995). - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). - kABI: Fix kABI for extended APIC-ID support (bsc#1181259, jsc#ECO-3191). - kABI: repair, after 'nVMX: Emulate MTF when performinginstruction emulation' kvm_x86_ops is part of kABI as it's used by LTTng. But it's only read and never allocated in there, so growing it (without altering existing members' offsets) is fine. - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).') - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846). - kernel/smp: add more data to CSD lock debugging (bsc#1180846). - kernel/smp: prepare more CSD lock debugging (bsc#1180846). - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). - KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch (bsc#1181818). - KVM: arm64: Remove S1PTW check from kvm_vcpu_dabt_iswrite() (bsc#1181818). - KVM: nVMX: do not clear mtf_pending when nested events are blocked (bsc#1182489). - KVM: nVMX: Emulate MTF when performing instruction emulation (bsc#1182380). - KVM: nVMX: Handle pending #DB when injecting INIT VM-exit. Pulling in as a dependency of: 'KVM: nVMX: Emulate MTF when performing instruction emulation' (bsc#1182380). - KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests (bsc#1178995). - KVM: tracing: Fix unmatched kvm_entry and kvm_exit events (bsc#1182770). - KVM: VMX: Condition ENCLS-exiting enabling on CPU support for SGX1 (bsc#1182798). - KVM: x86: Allocate new rmap and large page tracking when moving memslot (bsc#1182800). - KVM: x86: allow KVM_STATE_NESTED_MTF_PENDING in kvm_state flags (bsc#1182490). - KVM: x86: clear stale x86_emulate_ctxt->intercept value (bsc#1182381). - KVM: x86: do not notify userspace IOAPIC on edge-triggered interrupt EOI (bsc#1182374). - KVM: x86: Gracefully handle __vmalloc() failure during VM allocation (bsc#1182801). - KVM: x86: Introduce cr3_lm_rsvd_bits in kvm_vcpu_arch (bsc#1178995). - KVM: x86: remove stale comment from struct x86_emulate_ctxt (bsc#1182406). - libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442). - lib/vsprintf: no_hash_pointers prints all addresses as unhashed (bsc#1182599). - linux/clk.h: use correct kernel-doc notation for 2 functions (git-fixes). - mac80211: 160MHz with extended NSS BW in CSA (git-fixes). - mac80211: fix fast-rx encryption check (git-fixes). - mac80211: fix potential overflow when multiplying to u32 integers (git-fixes). - mac80211: pause TX while changing interface type (git-fixes). - macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). Since rpm 4.16 files installed during build phase are lost. - MAINTAINERS: remove John Allen from ibmvnic (jsc#SLE-17043 bsc#1179243 ltc#189290). - matroxfb: avoid -Warray-bounds warning (bsc#1152472) - media: aspeed: fix error return code in aspeed_video_setup_video() (git-fixes). - media: camss: missing error code in msm_video_register() (git-fixes). - media: cx25821: Fix a bug when reallocating some dma memory (git-fixes). - media: em28xx: Fix use-after-free in em28xx_alloc_urbs (git-fixes). - media: i2c: ov5670: Fix PIXEL_RATE minimum value (git-fixes). - media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() (git-fixes). - media: lmedm04: Fix misuse of comma (git-fixes). - media: media/pci: Fix memleak in empress_init (git-fixes). - media: mt9v111: Remove unneeded device-managed puts (git-fixes). - media: pwc: Use correct device for DMA (bsc#1181133). - media: pxa_camera: declare variable when DEBUG is defined (git-fixes). - media: qm1d1c0042: fix error return code in qm1d1c0042_init() (git-fixes). - media: software_node: Fix refcounts in software_node_get_next_child() (git-fixes). - media: tm6000: Fix memleak in tm6000_start_stream (git-fixes). - media: vsp1: Fix an error handling path in the probe function (git-fixes). - mei: hbm: call mei_set_devstate() on hbm stop response (git-fixes). - memory: ti-aemif: Drop child node when jumping out loop (git-fixes). - mfd: bd9571mwv: Use devm_mfd_add_devices() (git-fixes). - mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() (git-fixes). - misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (git-fixes). - misc: eeprom_93xx46: Fix module alias to enable module autoprobe (git-fixes). - mlxsw: core: Add validation of transceiver temperature thresholds (git-fixes). - mlxsw: core: Fix memory leak on module removal (git-fixes). - mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes). - mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes). - mlxsw: core: Increase critical threshold for ASIC thermal zone (git-fixes). - mlxsw: core: Increase scope of RCU read-side critical section (git-fixes). - mlxsw: core: Use variable timeout for EMAD retries (git-fixes). - mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error path (git-fixes). - mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (git-fixes). - mmc: core: Limit retries when analyse of SDIO tuples fails (git-fixes). - mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes (git-fixes). - mmc: sdhci-sprd: Fix some resource leaks in the remove function (git-fixes). - mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (git-fixes). - mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled (bsc#1181896 ltc#191273). - mm: proc: Invalidate TLB after clearing soft-dirty page state (bsc#1163776 ltc#183929 git-fixes). - mm: thp: kABI: move the added flag to the end of enum (bsc#1181896 ltc#191273). - mt76: dma: fix a possible memory leak in mt76_add_fragment() (git-fixes). - net: ag71xx: add missed clk_disable_unprepare in error path of probe (git-fixes). - net: axienet: Fix error return code in axienet_probe() (git-fixes). - net: bcmgenet: Fix WoL with password after deep sleep (git-fixes). - net: bcmgenet: keep MAC in reset until PHY is up (git-fixes). - net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes). - net: bcmgenet: set Rx mode before starting netif (git-fixes). - net: bcmgenet: use hardware padding of runt frames (git-fixes). - net: broadcom CNIC: requires MMU (git-fixes). - net: caif: Fix debugfs on 64-bit platforms (git-fixes). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: cxgb4: fix return error value in t4_prep_fw (git-fixes). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: lantiq_gswip: fix and improve the unsupported interface error (git-fixes). - net: dsa: mt7530: Change the LINK bit to reflect the link status (git-fixes). - net: dsa: mt7530: set CPU port to fallback mode (git-fixes). - net: ena: set initial DMA width to avoid intel iommu issue (git-fixes). - net: ethernet: ave: Fix error returns in ave_init (git-fixes). - net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes). - net: ethernet: ti: ale: fix allmulti for nu type ale (git-fixes). - net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled (git-fixes). - net: ethernet: ti: ale: modify vlan/mdb api for switchdev (git-fixes). - net: ethernet: ti: cpsw: allow untagged traffic on host port (git-fixes). - net: ethernet: ti: fix some return value check of cpsw_ale_create() (git-fixes). - net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() (git-fixes). - net: gro: do not keep too many GRO packets in napi->rx_list (bsc#1154353). - net: hns3: add a check for queue_id in hclge_reset_vf_queue() (git-fixes). - net: hns3: add a missing uninit debugfs when unload driver (git-fixes). - net: hns3: add reset check for VF updating port based VLAN (git-fixes). - net: hns3: clear port base VLAN when unload PF (git-fixes). - net: hns3: fix aRFS FD rules leftover after add a user FD rule (git-fixes). - net: hns3: fix a TX timeout issue (git-fixes). - net: hns3: fix desc filling bug when skb is expanded or lineared (git-fixes). - net: hns3: fix for mishandle of asserting VF reset fail (git-fixes). - net: hns3: fix for VLAN config when reset failed (git-fixes). - net: hns3: fix RSS config lost after VF reset (git-fixes). - net: hns3: fix set and get link ksettings issue (git-fixes). - net: hns3: fix 'tc qdisc del' failed issue (git-fixes). - net: hns3: fix the number of queues actually used by ARQ (git-fixes). - net: hns3: fix use-after-free when doing self test (git-fixes). - net: hns3: fix VF VLAN table entries inconsistent issue (git-fixes). - net: hns: fix return value check in __lb_other_process() (git-fixes). - net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes). - net: macb: fix call to pm_runtime in the suspend/resume functions (git-fixes). - net: macb: fix wakeup test in runtime suspend/resume routines (git-fixes). - net: macb: mark device wake capable when 'magic-packet' property present (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854). - net/mlx4_en: Handle TX error CQE (bsc#1181854). - net/mlx5: Add handling of port type in rule deletion (git-fixes). - net/mlx5: Annotate mutex destroy for root ns (git-fixes). - net/mlx5: Clear LAG notifier pointer after unregister (git-fixes). - net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes). - net/mlx5: Do not call timecounter cyc2time directly from 1PPS flow (git-fixes). - net/mlx5: Do not maintain a case of del_sw_func being null (git-fixes). - net/mlx5e: Correctly handle changing the number of queues when the interface is down (git-fixes). - net/mlx5e: Do not trigger IRQ multiple times on XSK wakeup to avoid WQ overruns (git-fixes). - net/mlx5e: en_accel, Add missing net/geneve.h include (git-fixes). - net/mlx5e: Encapsulate updating netdev queues into a function (git-fixes). - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464). - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (git-fixes). - net/mlx5e: Fix configuration of XPS cpumasks and netdev queues in corner cases (git-fixes). - net/mlx5e: Fix endianness handling in pedit mask (git-fixes). - net/mlx5e: Fix error path of device attach (git-fixes). - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes). - net/mlx5e: Fix two double free cases (git-fixes). - net/mlx5e: Fix VLAN cleanup flow (git-fixes). - net/mlx5e: Fix VLAN create flow (git-fixes). - net/mlx5e: Get the latest values from counters in switchdev mode (git-fixes). - net/mlx5e: IPoIB, Drop multicast packets that this interface sent (git-fixes). - net/mlx5e: kTLS, Fix wrong value in record tracker enum (git-fixes). - net/mlx5e: Reduce tc unsupported key print level (git-fixes). - net/mlx5e: Rename hw_modify to preactivate (git-fixes). - net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes). - net/mlx5: E-switch, Destroy TSAR after reload interface (git-fixes). - net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode (git-fixes). - net/mlx5: E-Switch, Use vport metadata matching by default (git-fixes). - net/mlx5: E-Switch, Use vport metadata matching only when mandatory (git-fixes). - net/mlx5e: Use preactivate hook to set the indirection table (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes). - net/mlx5: Fix deletion of duplicate rules (git-fixes). - net/mlx5: Fix failing fw tracer allocation on s390 (git-fixes). - net/mlx5: Fix memory leak on flow table creation error flow (git-fixes). - net/mlx5: Fix request_irqs error flow (git-fixes). - net/mlx5: Fix wrong address reclaim when command interface is down (git-fixes). - net/mlx5: Query PPS pin operational status before registering it (git-fixes). - net/mlx5: Verify Hardware supports requested ptp function on a given pin (git-fixes). - net: moxa: Fix a potential double 'free_irq()' (git-fixes). - net: mscc: ocelot: ANA_AUTOAGE_AGE_PERIOD holds a value in seconds, not ms (git-fixes). - net: mscc: ocelot: fix address ageing time (again) (git-fixes). - net: mscc: ocelot: properly account for VLAN header length when setting MRU (git-fixes). - net: mvpp2: Add TCAM entry to drop flow control pause frames (git-fixes). - net: mvpp2: disable force link UP during port init procedure (git-fixes). - net: mvpp2: Fix error return code in mvpp2_open() (git-fixes). - net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: mvpp2: fix pkt coalescing int-threshold configuration (git-fixes). - net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes). - net: mvpp2: Remove Pause and Asym_Pause support (git-fixes). - net: mvpp2: TCAM entry enable should be written after SRAM data (git-fixes). - net: netsec: Correct dma sync for XDP_TX frames (git-fixes). - net: nixge: fix potential memory leak in nixge_probe() (git-fixes). - net: octeon: mgmt: Repair filling of RX ring (git-fixes). - net: phy: at803x: use operating parameters from PHY-specific status (git-fixes). - net: phy: extract link partner advertisement reading (git-fixes). - net: phy: extract pause mode (git-fixes). - net: phy: marvell10g: fix null pointer dereference (git-fixes). - net: phy: marvell10g: fix temperature sensor on 2110 (git-fixes). - net: phy: read MII_CTRL1000 in genphy_read_status only if needed (git-fixes). - net: qca_spi: fix receive buffer size check (git-fixes). - net: qca_spi: Move reset_count to struct qcaspi (git-fixes). - net: qede: fix PTP initialization on recovery (git-fixes). - net: qede: fix use-after-free on recovery and AER handling (git-fixes). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix async event callbacks unregistering (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix 'maybe uninitialized' warning (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qed: RDMA personality shouldn't fail VF load (git-fixes). - net: re-solve some conflicts after net -> net-next merge (bsc#1176855 ltc#187293). - net: rmnet: do not allow to add multiple bridge interfaces (git-fixes). - net: rmnet: do not allow to change mux id if mux id is duplicated (git-fixes). - net: rmnet: fix bridge mode bugs (git-fixes). - net: rmnet: fix lower interface leak (git-fixes). - net: rmnet: fix NULL pointer dereference in rmnet_changelink() (git-fixes). - net: rmnet: fix NULL pointer dereference in rmnet_newlink() (git-fixes). - net: rmnet: fix packet forwarding in rmnet bridge mode (git-fixes). - net: rmnet: fix suspicious RCU usage (git-fixes). - net: rmnet: print error message when command fails (git-fixes). - net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device() (git-fixes). - net: rmnet: use upper/lower device infrastructure (git-fixes). - net, sctp, filter: remap copy_from_user failure error (bsc#1181637). - net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes). - net/sonic: Add mutual exclusion for accessing shared state (git-fixes). - net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes). - net: stmmac: Always arm TX Timer at end of transmission start (git-fixes). - net: stmmac: Do not accept invalid MTU values (git-fixes). - net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: Enable 16KB buffer size (git-fixes). - net: stmmac: fix disabling flexible PPS output (git-fixes). - net: stmmac: fix length of PTP clock's name string (git-fixes). - net: stmmac: Fix the TX IOC in xmit path (git-fixes). - net: stmmac: RX buffer size must be 16 byte aligned (git-fixes). - net: stmmac: selftests: Flow Control test can also run with ASYM Pause (git-fixes). - net: stmmac: selftests: Needs to check the number of Multicast regs (git-fixes). - net: stmmac: xgmac: Clear previous RX buffer size (git-fixes). - net: sun: fix missing release regions in cas_init_one() (git-fixes). - net: team: fix memory leak in __team_options_register (git-fixes). - net: thunderx: initialize VF's mailbox mutex before first usage (git-fixes). - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family (git-fixes). - net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes). - nvme-hwmon: rework to avoid devm allocation (bsc#1177326). - nvme-multipath: Early exit if no path is available (bsc#1180964). - nvme: re-read ANA log on NS CHANGED AEN (bsc#1179137). - nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu (bsc#1182547). - objtool: Do not fail on missing symbol table (bsc#1169514). - perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() (bsc#1180989). - perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() (bsc#1180989). - perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() (bsc#1180989). - perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() (bsc#1180989). - perf/x86/intel/uncore: Generic support for the PCI sub driver (bsc#1180989). - perf/x86/intel/uncore: Store the logical die id instead of the physical die id (bsc#1180989). - perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (bsc#1180989). - phy: cpcap-usb: Fix warning for missing regulator_disable (git-fixes). - phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes). - platform/x86: hp-wmi: Disable tablet-mode reporting by default (git-fixes). - platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352 (git-fixes). - platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet (git-fixes). - powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bsc#1182571 ltc#191345). - powerpc/boot: Delete unneeded .globl _zimage_start (bsc#1156395). - powerpc: Fix alignment bug within the init sections (bsc#1065729). - powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1156395). - powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc#189159). - powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159). - powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159). - powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes). - powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530). - powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc#189159). - powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc#189159). - powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159). - powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159). - powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159). - powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159). - powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology workqueue code (bsc#1181674 ltc#189159). - powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc#1181674 ltc#189159). - powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159). - powerpc/perf: Exclude kernel samples while counting events in user space (bsc#1065729). - powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events (bsc#1182118 ltc#190624). - powerpc/pkeys: Avoid using lockless page table walk (bsc#1181544 ltc#191080). - powerpc/pkeys: Check vma before returning key fault error to the user (bsc#1181544 ltc#191080). - powerpc/powernv/memtrace: Do not leak kernel memory to user space (bsc#1156395). - powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently (bsc#1156395). - powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU (bsc#1156395). - powerpc/prom: Fix 'ibm,arch-vec-5-platform-support' scan (bsc#1182602 ltc#190924). - powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1181985 ltc#188074). - powerpc/pseries: Do not enforce MSI affinity with kdump (bsc#1181655 ltc#190855). - powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device() static (bsc#1078720, git-fixes). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900). - powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: pass stream id via function arguments (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: add missing break to default case (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: do not error on absence of ibm, update-nodes (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: refactor node lookup during DT update (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: signal suspend cancellation to platform (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159). - powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static (bsc#1065729. git-fixes). - powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159). - powerpc/pseries: remove memory 're-add' implementation (bsc#1181674 ltc#189159). - powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc#1181674 ltc#189159). - powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159). - powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159). - powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159). - powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159). - powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159). - powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159). - powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159). - powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159). - powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159). - powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159). - powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159). - powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159). - power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes). - pseries/drmem: do not cache node id in drmem_lmb struct (bsc#1132477 ltc#175530). - pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530). - qed: fix error return code in qed_iwarp_ll2_start() (git-fixes). - qed: Fix race condition between scheduling and destroying the slowpath workqueue (git-fixes). - qed: Populate nvm-file attributes while reading nvm config partition (git-fixes). - qed: select CONFIG_CRC32 (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - quota: Fix memory leak when handling corrupted quota file (bsc#1182650). - quota: Sanity-check quota file headers on load (bsc#1182461). - r8169: fix resuming from suspend on RTL8105e if machine runs on battery (git-fixes). - r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set (git-fixes). - rcu/nocb: Perform deferred wake up before last idle's (git-fixes) - rcu/nocb: Trigger self-IPI on late deferred wake up before (git-fixes) - rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers (git-fixes) - RDMA/efa: Add EFA 0xefa1 PCI ID (bsc#1176248). - RDMA/efa: Count admin commands errors (bsc#1176248). - RDMA/efa: Count mmap failures (bsc#1176248). - RDMA/efa: Do not delay freeing of DMA pages (bsc#1176248). - RDMA/efa: Drop double zeroing for sg_init_table() (bsc#1176248). - RDMA/efa: Expose maximum TX doorbell batch (bsc#1176248). - RDMA/efa: Expose minimum SQ size (bsc#1176248). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1176248). - RDMA/efa: Properly document the interrupt mask register (bsc#1176248). - RDMA/efa: Remove redundant udata check from alloc ucontext response (bsc#1176248). - RDMA/efa: Report create CQ error counter (bsc#1176248). - RDMA/efa: Report host information to the device (bsc#1176248). - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1176248). - RDMA/efa: Use in-kernel offsetofend() to check field availability (bsc#1176248). - RDMA/efa: User/kernel compatibility handshake mechanism (bsc#1176248). - RDMA/efa: Use the correct current and new states in modify QP (git-fixes). - regulator: axp20x: Fix reference cout leak (git-fixes). - regulator: core: Avoid debugfs: Directory ... already present! error (git-fixes). - regulator: core: avoid regulator_resolve_supply() race condition (git-fixes). - regulator: Fix lockdep warning resolving supplies (git-fixes). - regulator: s5m8767: Drop regulators OF node reference (git-fixes). - regulator: s5m8767: Fix reference count leak (git-fixes). - reiserfs: add check for an invalid ih_entry_count (bsc#1182462). - Remove debug patch for boot failure (bsc#1182602 ltc#190924). - reset: hisilicon: correct vendor prefix (git-fixes). - Revert 'ibmvnic: remove never executed if statement' (jsc#SLE-17043 bsc#1179243 ltc#189290). - Revert 'net: bcmgenet: remove unused function in bcmgenet.c' (git-fixes). - Revert 'platform/x86: ideapad-laptop: Switch touchpad attribute to be RO' (git-fixes). - Revert 'RDMA/mlx5: Fix devlink deadlock on net namespace deletion' (jsc#SLE-8464). - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439) - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - rtc: s5m: select REGMAP_I2C (git-fixes). - rxrpc: Fix memory leak in rxrpc_lookup_local (bsc#1154353 bnc#1151927 5.3.9). - s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated (git-fixes). - s390/vfio-ap: No need to disable IRQ after queue reset (git-fixes). - sched: Reenable interrupts in do_sched_yield() (git-fixes) - scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1181958). - sh_eth: check sh_eth_cpu_data::cexcr when dumping registers (git-fixes). - sh_eth: check sh_eth_cpu_data::no_tx_cntrs when dumping registers (git-fixes). - sh_eth: check sh_eth_cpu_data::no_xdfar when dumping registers (git-fixes). - smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - smsc95xx: avoid memory leak in smsc95xx_bind (git-fixes). - smsc95xx: check return value of smsc95xx_reset (git-fixes). - soc: aspeed: snoop: Add clock control logic (git-fixes). - spi: atmel: Put allocated master before return (git-fixes). - spi: pxa2xx: Fix the controller numbering for Wildcat Point (git-fixes). - spi: spi-synquacer: fix set_cs handling (git-fixes). - spi: stm32: properly handle 0 byte transfer (git-fixes). - squashfs: add more sanity checks in id lookup (git-fixes bsc#1182266). - squashfs: add more sanity checks in inode lookup (git-fixes bsc#1182267). - squashfs: add more sanity checks in xattr id lookup (git-fixes bsc#1182268). - staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (git-fixes). - target: disallow emulate_legacy_capacity with RBD object-map (bsc#1177109). - team: set dev->needed_headroom in team_setup_by_port() (git-fixes). - tpm: Remove tpm_dev_wq_lock (git-fixes). - tpm_tis: Clean up locality release (git-fixes). - tpm_tis: Fix check_locality for correct locality acquisition (git-fixes). - tracing: Check length before giving out the filter buffer (git-fixes). - tracing: Do not count ftrace events in top level enable output (git-fixes). - tracing/kprobe: Fix to support kretprobe events on unloaded modules (git-fixes). - tracing/kprobes: Do the notrace functions check without kprobes on ftrace (git-fixes). - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (git-fixes). - ubifs: Fix error return code in ubifs_init_authentication() (bsc#1182459). - ubifs: Fix ubifs_tnc_lookup() usage in do_kill_orphans() (bsc#1182454). - ubifs: prevent creating duplicate encrypted filenames (bsc#1182457). - ubifs: ubifs_add_orphan: Fix a memory leak bug (bsc#1182456). - ubifs: ubifs_jnl_write_inode: Fix a memory leak bug (bsc#1182455). - ubifs: wbuf: Do not leak kernel memory to flash (bsc#1182458). - Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846). - Update config files: armv7hl: Set ledtrig-default-on as builtin (bsc#1182128) - Update config files: Set ledtrig-default-on as builtin (bsc#1182128) - USB: dwc2: Abort transaction after errors with unknown reason (git-fixes). - USB: dwc2: Fix endpoint direction check in ep_from_windex (git-fixes). - USB: dwc2: Make 'trimming xfer length' a debug message (git-fixes). - USB: dwc3: fix clock issue during resume in OTG mode (git-fixes). - USB: gadget: legacy: fix an error code in eth_bind() (git-fixes). - USB: gadget: u_audio: Free requests only after callback (git-fixes). - USB: musb: Fix runtime PM race in musb_queue_resume_work (git-fixes). - USB: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes). - USB: quirks: sort quirk entries (git-fixes). - USB: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop() (git-fixes). - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (git-fixes). - USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes). - USB: serial: mos7720: fix error code in mos7720_write() (git-fixes). - USB: serial: mos7720: improve OOM-handling in read_mos_reg() (git-fixes). - USB: serial: mos7840: fix error code in mos7840_write() (git-fixes). - USB: serial: option: Adding support for Cinterion MV31 (git-fixes). - USB: usblp: do not call usb_set_interface if there's a single alt (git-fixes). - veth: Adjust hard_start offset on redirect XDP frames (git-fixes). - vfs: Convert squashfs to use the new mount API (git-fixes bsc#1182265). - virtio_net: Fix error code in probe() (git-fixes). - virtio_net: Fix recursive call to cpus_read_lock() (git-fixes). - virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer (git-fixes). - virt: vbox: Do not use wait_event_interruptible when called from kernel context (git-fixes). - vmxnet3: Remove buf_info from device accessible structures (bsc#1181671). - vxlan: fix memleak of fdb (git-fixes). - wext: fix NULL-ptr-dereference with cfg80211's lack of commit() (git-fixes). - writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460). - x86/alternatives: Sync bp_patching update for avoiding NULL pointer exception (bsc#1152489). - x86/apic: Add extra serialization for non-serializing MSRs (bsc#1152489). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181259, jsc#ECO-3191). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181259, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259 jsc#ECO-3191). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181259, jsc#ECO-3191). - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - xen/netback: fix spurious event detection for common event case (bsc#1182175). - xfs: ensure inobt record walks always make forward progress (git-fixes bsc#1182272). - xfs: fix an ABBA deadlock in xfs_rename (git-fixes bsc#1182558). - xfs: fix parent pointer scrubber bailing out on unallocated inodes (git-fixes bsc#1182276). - xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks (git-fixes bsc#1182430). - xfs: fix the minrecs logic when dealing with inode root child blocks (git-fixes bsc#1182273). - xfs: ratelimit xfs_discard_page messages (bsc#1182283). - xfs: reduce quota reservation when doing a dax unwritten extent conversion (git-fixes bsc#1182561). - xfs: return corresponding errcode if xfs_initialize_perag() fail (git-fixes bsc#1182275). - xfs: scrub should mark a directory corrupt if any entries cannot be iget'd (git-fixes bsc#1182278). - xfs: strengthen rmap record flags checking (git-fixes bsc#1182271). - xhci: fix bounce buffer usage for non-sg list case (git-fixes). Important SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1078720 SUSE bug 1081134 SUSE bug 1084610 SUSE bug 1132477 SUSE bug 1151927 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1156395 SUSE bug 1163776 SUSE bug 1169514 SUSE bug 1170442 SUSE bug 1176248 SUSE bug 1176855 SUSE bug 1177109 SUSE bug 1177326 SUSE bug 1177440 SUSE bug 1177529 SUSE bug 1178142 SUSE bug 1178995 SUSE bug 1179082 SUSE bug 1179137 SUSE bug 1179243 SUSE bug 1179428 SUSE bug 1179660 SUSE bug 1179929 SUSE bug 1180058 SUSE bug 1180846 SUSE bug 1180964 SUSE bug 1180989 SUSE bug 1181133 SUSE bug 1181259 SUSE bug 1181544 SUSE bug 1181574 SUSE bug 1181637 SUSE bug 1181655 SUSE bug 1181671 SUSE bug 1181674 SUSE bug 1181710 SUSE bug 1181720 SUSE bug 1181735 SUSE bug 1181736 SUSE bug 1181738 SUSE bug 1181747 SUSE bug 1181753 SUSE bug 1181818 SUSE bug 1181843 SUSE bug 1181854 SUSE bug 1181896 SUSE bug 1181958 SUSE bug 1181960 SUSE bug 1181985 SUSE bug 1182047 SUSE bug 1182118 SUSE bug 1182128 SUSE bug 1182140 SUSE bug 1182171 SUSE bug 1182175 SUSE bug 1182259 SUSE bug 1182265 SUSE bug 1182266 SUSE bug 1182267 SUSE bug 1182268 SUSE bug 1182271 SUSE bug 1182272 SUSE bug 1182273 SUSE bug 1182275 SUSE bug 1182276 SUSE bug 1182278 SUSE bug 1182283 SUSE bug 1182374 SUSE bug 1182380 SUSE bug 1182381 SUSE bug 1182406 SUSE bug 1182430 SUSE bug 1182439 SUSE bug 1182441 SUSE bug 1182442 SUSE bug 1182443 SUSE bug 1182444 SUSE bug 1182445 SUSE bug 1182446 SUSE bug 1182447 SUSE bug 1182449 SUSE bug 1182454 SUSE bug 1182455 SUSE bug 1182456 SUSE bug 1182457 SUSE bug 1182458 SUSE bug 1182459 SUSE bug 1182460 SUSE bug 1182461 SUSE bug 1182462 SUSE bug 1182463 SUSE bug 1182464 SUSE bug 1182465 SUSE bug 1182466 SUSE bug 1182485 SUSE bug 1182489 SUSE bug 1182490 SUSE bug 1182547 SUSE bug 1182558 SUSE bug 1182560 SUSE bug 1182561 SUSE bug 1182571 SUSE bug 1182599 SUSE bug 1182602 SUSE bug 1182626 SUSE bug 1182650 SUSE bug 1182672 SUSE bug 1182676 SUSE bug 1182683 SUSE bug 1182684 SUSE bug 1182686 SUSE bug 1182697 SUSE bug 1182770 SUSE bug 1182798 SUSE bug 1182800 SUSE bug 1182801 SUSE bug 1182854 SUSE bug 1182856 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-12373 CVE-2020-29368 CVE-2020-29374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: - Update to 87.0.4280.141 (boo#1180645) - CVE-2021-21106: Use after free in autofill - CVE-2021-21107: Use after free in drag and drop - CVE-2021-21108: Use after free in media - CVE-2021-21109: Use after free in payments - CVE-2021-21110: Use after free in safe browsing - CVE-2021-21111: Insufficient policy enforcement in WebUI - CVE-2021-21112: Use after free in Blink - CVE-2021-21113: Heap buffer overflow in Skia - CVE-2020-16043: Insufficient data validation in networking - CVE-2021-21114: Use after free in audio - CVE-2020-15995: Out of bounds write in V8 - CVE-2021-21115: Use after free in safe browsing - CVE-2021-21116: Heap buffer overflow in audio - Use main URLs instead of redirects in master preferences Important SUSE bug 1180645 CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: Fixed a P2P provision discovery processing vulnerability (bsc#1182805). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1182805 CVE-2021-27803 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. (bsc#1183026, CVE-2021-21300) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1183026 CVE-2021-21300 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1182328 SUSE bug 1182362 CVE-2021-27218 CVE-2021-27219 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for kernel-firmware fixes the following issues: - CVE-2020-12373: Fixed an expired pointer dereference may lead to DOS (bsc#1181738). - CVE-2020-12364: Fixed a null pointer reference may lead to DOS (bsc#1181736). - CVE-2020-12362: Fixed an integer overflow which could have led to privilege escalation (bsc#1181720). - CVE-2020-12363: Fixed an improper input validation which may have led to DOS (bsc#1181735). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1181720 SUSE bug 1181735 SUSE bug 1181736 SUSE bug 1181738 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-12373 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for stunnel fixes the following issues: - Security fix: [bsc#1177580, bsc#1182529, CVE-2021-20230] * 'redirect' option does not properly handle 'verifyChain = yes' This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1177580 SUSE bug 1182529 CVE-2021-20230 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for crmsh fixes the following issues: - Update to version 4.3.0+20210305.9db5c9a8: * Fix: bootstrap: Adjust qdevice configure/remove process to avoid race condition due to quorum lost(bsc#1181415) * Dev: cibconfig: remove related code about detecting crm_diff support --no-verion * Fix: ui_configure: raise error when params not exist(bsc#1180126) * Dev: doc: remove doc for crm node status * Dev: ui_node: remove status subcommand - Update to version 4.3.0+20210219.5d1bf034: * Fix: hb_report: walk through hb_report process under hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571) * Fix: bootstrap: setup authorized ssh access for hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571) * Dev: analyze: Add analyze sublevel and put preflight_check in it(jsc#ECO-1658) * Dev: utils: change default file mod as 644 for str2file function * Dev: hb_report: Detect if any ocfs2 partitions exist * Dev: lock: give more specific error message when raise ClaimLockError * Fix: Replace mktemp() to mkstemp() for security * Fix: Remove the duplicate --cov-report html in tox. * Fix: fix some lint issues. * Fix: Replace utils.msg_info to task.info * Fix: Solve a circular import error of utils.py * Fix: hb_report: run lsof with specific ocfs2 device(bsc#1180688) * Dev: corosync: change the permission of corosync.conf to 644 * Fix: preflight_check: task: raise error when report_path isn't a directory * Fix: bootstrap: Use class Watchdog to simplify watchdog config(bsc#1154927, bsc#1178869) * Dev: Polish the sbd feature. * Dev: Replace -f with -c and run check when no parameter provide. * Fix: Fix the yes option not working * Fix: Remove useless import and show help when no input. * Dev: Correct SBD device id inconsistenc during ASR * Fix: completers: return complete start/stop resource id list correctly(bsc#1180137) * Dev: Makefile.am: change makefile to integrate preflight_check * Medium: integrate preflight_check into crmsh(jsc#ECO-1658) * Fix: bootstrap: make sure sbd device UUID was the same between nodes(bsc#1178454) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1154927 SUSE bug 1178454 SUSE bug 1178869 SUSE bug 1179999 SUSE bug 1180126 SUSE bug 1180137 SUSE bug 1180571 SUSE bug 1180688 SUSE bug 1181415 CVE-2020-35459 CVE-2021-3020 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: - Update to version 74.0.3911.203 - CHR-8324 Update chromium on desktop-stable-88-3911 to 88.0.4324.182(boo#1182358) - DNA-90762 Replace “Don’t show again” with “Discard” - DNA-90974 Crash at opera::PersistentRecentlyClosedWindows::GetEntryType(SessionID) - DNA-91289 [Search tabs] Wrong tab stays highlighted after removing another tab - DNA-91476 Invalid memory dereference PlayerServiceBrowsertest - DNA-91502 Change system name on opera://about page for MacOS - DNA-91740 Missing title in Extensions Toolbar Menu - The update to chromium 88.0.4324.182 fixes following issues: CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156, CVE-2021-21157 - Update to version 74.0.3911.160 - DNA-90409 Cleanup Javascript dialogs: app modal & tab modal - DNA-90720 [Search Tabs] Allow discarding recently closed items - DNA-90802 [Windows] Debug fails on linking - DNA-91130 heap-use-after-free in CashbackBackendServiceTest.AutoUpdateSchedule - DNA-91152 Allow reading agent variables in trigger conditions - DNA-91225 [Search tabs] The webpage doesn’t move from “Open tabs” to “Recently closed” section - DNA-91243 Add Rich Hint support for the cashback badge and popup - DNA-91483 component_unittests are timing out - DNA-91516 Sidebar setup opens only with cashback enabled - DNA-91601 No text in 1st line of address bar dropdown suggestions - DNA-91603 Jumbo build problem on desktop-stable-88-3911 Important SUSE bug 1182358 CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156 CVE-2021-21157 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for froxlor fixes the following issues: - Upstream upgrade to version 0.10.23 (boo#846355) - Upstream upgrade to version 0.10.22 (boo#846355) - BuildRequire cron as this contains now the cron directories - Use %license for COPYING file instead of %doc [boo#1082318] Upstream upgrade to version 0.9.40.1 (boo#846355) new features besides API that found their way in: - 2FA / TwoFactor Authentication for accounts - MySQL8 compatibility - new implementation of Let's Encrypt (acme.sh) - customizable error/access log handling for webserver (format, level, pipe-to-script, etc.) - lots and lots of bugfixes and small enhancements Upstream upgrade to version 0.9.39.5 (boo#846355) - PHP rand function for random number generation fixed in previous version (boo#1025193) CVE-2016-5100 - upstream upgrade to version 0.9.39 (boo#846355) - Add and change of froxlor config files and manual - Change Requires to enable use with php7 Moderate SUSE bug 1025193 SUSE bug 1082318 SUSE bug 846355 SUSE bug 958100 CVE-2016-5100 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for connman fixes the following issues: Update to 1.39 (boo#1181751): * Fix issue with scanning state synchronization and iwd. * Fix issue with invalid key with 4-way handshake offloading. * Fix issue with DNS proxy length checks to prevent buffer overflow. (CVE-2021-26675) * Fix issue with DHCP leaking stack data via uninitialized variable. (CVE-2021-26676) Update to 1.38: * Fix issue with online check on IP address update. * Fix issue with OpenVPN and encrypted private keys. * Fix issue with finishing of VPN connections. * Add support for updated stable iwd APIs. * Add support for WireGuard networks. Update to 1.37: * Fix issue with handling invalid gateway addresses. * Fix issue with handling updates of default gateway. * Fix issue with DHCP servers that require broadcast flag. * Add support for option to use gateways as time servers. * Add support for option to select default technology. * Add support for Address Conflict Detection (ACD). * Add support for IPv6 iptables management. Change in 1.36: * Fix issue with DNS short response on error handling. * Fix issue with handling incoming DNS requests. * Fix issue with handling empty timeserver list. * Fix issue with incorrect DHCP byte order. * Fix issue with AllowDomainnameUpdates handling. * Fix issue with IPv4 link-local IP conflict error. * Fix issue with handling WISPr over TLS connections. * Fix issue with WiFi background scanning handling. * Fix issue with WiFi disconnect+connect race condition. * Fix issue with WiFi scanning and tethering operation. * Fix issue with WiFi security change handling. * Fix issue with missing signal for WPS changes. * Fix issue with online check retry handling. * Add support for systemd-resolved backend. * Add support for mDNS configuration setup. Moderate SUSE bug 1181751 CVE-2021-26675 CVE-2021-26676 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for 389-ds fixes the following issues: - 389-ds was updated to version 1.4.3.19 - CVE-2020-35518: Fixed an information disclosure during the binding of a DN (bsc#1181159). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1181159 CVE-2020-35518 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for postgresql12 fixes the following issues: Upgrade to version 12.6: - Reindexing might be needed after applying this update. - CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages. This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1179765 SUSE bug 1182040 CVE-2021-3393 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1182331 SUSE bug 1182333 SUSE bug 1182959 CVE-2021-23840 CVE-2021-23841 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for freeradius-server fixes the following issues: - move logrotate options into specific parts for each log as 'global' options will persist past and clobber global options in the main logrotate config (bsc#1180525) This update was imported from the SUSE:SLE-15-SP2:Update update project. Low SUSE bug 1180525 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-markdown2 fixes the following issues: Update to 2.4.0 (boo#1181270): - [pull #377] Fixed bug breaking strings elements in metadata lists - [pull #380] When rendering fenced code blocks, also add the language-LANG class - [pull #387] Regex DoS fixes (CVE-2021-26813, boo#1183171) - Switch off failing tests (gh#trentm/python-markdown2#388), ignore failing test suite. update to 2.3.9: - [pull #335] Added header support for wiki tables - [pull #336] Reset _toc when convert is run - [pull #353] XSS fix - [pull #350] XSS fix - Add patch to fix unsanitized input for cross-site scripting (boo#1171379) Moderate SUSE bug 1171379 SUSE bug 1181270 SUSE bug 1183171 CVE-2021-26813 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1179602 CVE-2020-17527 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1182379 CVE-2021-23336 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: - Chromium was updated to 89.0.4389.90 (boo#1183515) - CVE-2021-21191: Use after free in WebRTC. - CVE-2021-21192: Heap buffer overflow in tab groups. - CVE-2021-21193: Use after free in Blink. Important SUSE bug 1183515 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for privoxy fixes the following issues: Update to version 3.0.32: - Security/Reliability (boo#1183129) - ssplit(): Remove an assertion that could be triggered with a crafted CGI request. Commit 2256d7b4d67. OVE-20210203-0001. CVE-2021-20272 Reported by: Joshua Rogers (Opera) - cgi_send_banner(): Overrule invalid image types. Prevents a crash with a crafted CGI request if Privoxy is toggled off. Commit e711c505c48. OVE-20210206-0001. CVE-2021-20273 Reported by: Joshua Rogers (Opera) - socks5_connect(): Don't try to send credentials when none are configured. Fixes a crash due to a NULL-pointer dereference when the socks server misbehaves. Commit 85817cc55b9. OVE-20210207-0001. CVE-2021-20274 Reported by: Joshua Rogers (Opera) - chunked_body_is_complete(): Prevent an invalid read of size two. Commit a912ba7bc9c. OVE-20210205-0001. CVE-2021-20275 Reported by: Joshua Rogers (Opera) - Obsolete pcre: Prevent invalid memory accesses with an invalid pattern passed to pcre_compile(). Note that the obsolete pcre code is scheduled to be removed before the 3.0.33 release. There has been a warning since 2008 already. Commit 28512e5b624. OVE-20210222-0001. CVE-2021-20276 Reported by: Joshua Rogers (Opera) - Bug fixes: - Properly parse the client-tag-lifetime directive. Previously it was not accepted as an obsolete hash value was being used. Reported by: Joshua Rogers (Opera) - decompress_iob(): Prevent reading of uninitialized data. Reported by: Joshua Rogers (Opera). - decompress_iob(): Don't advance cur past eod when looking for the end of the file name and comment. - decompress_iob(): Cast value to unsigned char before shifting. Prevents a left-shift of a negative value which is undefined behaviour. Reported by: Joshua Rogers (Opera) - gif_deanimate(): Confirm that that we have enough data before doing any work. Fixes a crash when fuzzing with an empty document. Reported by: Joshua Rogers (Opera). - buf_copy(): Fail if there's no data to write or nothing to do. Prevents undefined behaviour 'applying zero offset to null pointer'. Reported by: Joshua Rogers (Opera) - log_error(): Treat LOG_LEVEL_FATAL as fatal even when --stfu is being used while fuzzing. Reported by: Joshua Rogers (Opera). - Respect DESTDIR when considering whether or not to install config files with '.new' extension. - OpenSSL ssl_store_cert(): Fix two error messages. - Fix a couple of format specifiers. - Silence compiler warnings when compiling with NDEBUG. - fuzz_server_header(): Fix compiler warning. - fuzz_client_header(): Fix compiler warning. - cgi_send_user_manual(): Also reject requests if the user-manual directive specifies a https:// URL. Previously Privoxy would try and fail to open a local file. - General improvements: - Log the TLS version and the the cipher when debug 2 is enabled. - ssl_send_certificate_error(): Respect HEAD requests by not sending a body. - ssl_send_certificate_error(): End the body with a single new line. - serve(): Increase the chances that the host is logged when closing a server socket. - handle_established_connection(): Add parentheses to clarify an expression Suggested by: David Binderman - continue_https_chat(): Explicitly unset CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE if process_encrypted_request() fails. This makes it more obvious that the connection will not be reused. Previously serve() relied on CSP_FLAG_SERVER_CONTENT_LENGTH_SET and CSP_FLAG_CHUNKED being unset. Inspired by a patch from Joshua Rogers (Opera). - decompress_iob(): Add periods to a couple of log messages - Terminate the body of the HTTP snipplets with a single new line instead of '\r\n'. - configure: Add --with-assertions option and only enable assertions when it is used - windows build: Use --with-brotli and --with-mbedtls by default and enable dynamic error checking. - gif_deanimate(): Confirm we've got an image before trying to write it Saves a pointless buf_copy() call. - OpenSSL ssl_store_cert(): Remove a superfluous space before the serial number. - Action file improvements: - Disable fast-redirects for .golem.de/ - Unblock requests to adri*. - Block requests for trc*.taboola.com/ - Disable fast-redirects for .linkedin.com/ - Filter file improvements: - Make the second pcrs job of the img-reorder filter greedy again. The ungreedy version broke the img tags on: https://bulk.fefe.de/scalability/. - Privoxy-Log-Parser: - Highlight a few more messages. - Clarify the --statistics output. The shown 'Reused connections' are server connections so name them appropriately. - Bump version to 0.9.3. - Privoxy-Regression-Test: - Add the --check-bad-ssl option to the --help output. - Bump version to 0.7.3. - Documentation: - Add pushing the created tag to the release steps in the developer manual. - Clarify that 'debug 32768' should be used in addition to the other debug directives when reporting problems. - Add a 'Third-party licenses and copyrights' section to the user manual. Moderate SUSE bug 1183129 CVE-2021-20272 CVE-2021-20273 CVE-2021-20274 CVE-2021-20275 CVE-2021-20276 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libmysofa fixes the following issues: - Added security backports: gh#hoene/libmysofa#136 - CVE-2020-36152 - boo#1181977 gh#hoene/libmysofa#138 - CVE-2020-36148 - boo#1181981 gh#hoene/libmysofa#137 - CVE-2020-36149 - boo#1181980 gh#hoene/libmysofa#134 - CVE-2020-36151 - boo#1181978 gh#hoene/libmysofa#135 - CVE-2020-36150 - boo#1181979 gh#hoene/libmysofa#96 - CVE-2020-6860 - boo#1182883 Update to version 0.9.1 * Extended angular neighbor search to 'close the sphere' * Added and exposed mysofa_getfilter_float_nointerp method * Fixed various security issues CVE-2019-16091 - boo#1149919 CVE-2019-16092 - boo#1149920 CVE-2019-16093 - boo#1149922 CVE-2019-16094 - boo#1149924 CVE-2019-16095 - boo#1149926 CVE-2019-20016 - boo#1159839 CVE-2019-20063 - boo#1160040 Moderate SUSE bug 1149919 SUSE bug 1149920 SUSE bug 1149922 SUSE bug 1149924 SUSE bug 1149926 SUSE bug 1159839 SUSE bug 1160040 SUSE bug 1181977 SUSE bug 1181978 SUSE bug 1181979 SUSE bug 1181980 SUSE bug 1181981 SUSE bug 1182883 CVE-2019-16091 CVE-2019-16092 CVE-2019-16093 CVE-2019-16094 CVE-2019-16095 CVE-2019-20016 CVE-2019-20063 CVE-2020-36148 CVE-2020-36149 CVE-2020-36150 CVE-2020-36151 CVE-2020-36152 CVE-2020-6860 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for velocity fixes the following issues: - CVE-2020-13936: Fixed an arbitrary code execution when attacker is able to modify templates (bsc#1183360). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1183360 CVE-2020-13936 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for netty fixes the following issues: - CVE-2021-21295: Fixed an improper Content-Length header field validation (bsc#1183262). : This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1183262 CVE-2021-21295 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for cobbler fixes the following issues: - Add cobbler-tests subpackage for unit testing for openSUSE/SLE - Adds LoadModule definitions for openSUSE/SLE - Switch to new refactored auth module. - use systemctl to restart cobblerd on logfile rotation (boo#1169207) Mainline logrotate conf file uses already /sbin/service instead of outdated: /etc/init.d/cobblerd - Fix cobbler sync for DHCP or DNS (boo#1169553) Fixed mainline by commit 2d6cfe42da - Signatures file now uses 'default_autoinstall' which fixes import problem happening with some distributions (boo#1159010) - Fix for kernel and initrd detection (boo#1159010) - New: * For the distro there is now a parameter remote_boot_initrd and remote_boot_kernel () * For the profile there is now a parameter filename for DHCP. (#2280) * Signatures for ESXi 6 and 7 (#2308) * The hardlink command is now detected more dynamically and thus more error resistant (#2297) * HTTPBoot will now work in some cases out of the bug. (#2295) * Additional DNS query for a case where the wrong record was queried in the nsupdate system case (#2285) - Changes: * Enabled a lot of tests, removed some and implemented new. (#2202) * Removed not used files from the codebase. (#2302) * Exchanged mkisofs to xorrisofs. (#2296) * Removed duplicate code. (#2224) * Removed unreachable code. (#2223) * Snippet creation and deletion now works again via xmlrpc. (#2244) * Replace createrepo with createrepo_c. (#2266) * Enable Kerberos through having a case sensitive users.conf. (#2272) - Bugfixes: * General various Bugfixes (#2331, ) * Makefile usage and commands. (#2344, #2304) * Fix the dhcp template. (#2314) * Creation of the management classes and gPXE. (#2310) * Fix the scm_track module. (#2275, #2279) * Fix passing the netdevice parameter correctly to the linuxrc. (#2263) * powerstatus from cobbler now works thanks to a wrapper for ipmitool. (#2267) * In case the LDAP is used for auth, it now works with ADs. (#2274) * Fix passthru authentication. (#2271) - Other: * Add Codecov. (#2229) * Documentation updates. (#2333, #2326, #2305, #2249, #2268) * Buildprocess: * Recreation and cleanup of Grub2. (#2278) * Fix small errors for openSUSE Leap. (#2233) * Fix rpmlint errors. (#2237) * Maximum compatibility for debbuild package creation. (#2255, #2292, #2242, #2300) * Fixes related to our CI Pipeline (#2254, #2269) * Internal Code cleanup (#2273, #2270) - Breaking Changes: * Hash handling in users.digest file. (#2299) - Updated to version 3.1.1. * Introduce new packaging from upstream * Changelog see below - New: * We are now having a cross-distro specfile which can be build in the OBS (#2220) - before rewritten it was improved by #2144 & #2174 * Grub Submenu for net-booting machines (#2217) * Building the Cent-OS RPMs in Docker (#2190 #2189) * Reintroduced manpage build in setup.py (#2185) * mgmt_parameters are now passed to the dhcp template (#2182) * Using the standard Pyhton3 logger instead of a custom one (#2160 #2139 #2151) * Script for converting the settings file from 3.0.0 to 3.0.1 (#2154) * Docs now inside the repo instead of cobbler.github.io and improved with sphinx (#2117) - Changes: * The default tftpboot directory is now /var/lib/tftpboot instead of previously /srv/tftpboot (#2220) * Distro signatures were adjusted where necessary (#2219 #2134) * Removed requirements.txt and placed the requirements in setup.py (#2204) * Display only entries in grub which are from the same arch (#2191 #2216) * Change the name of the cobbler manpage form cobbler-cli to cobbler back and move it to section 8 (#2188 #2186) - Bugfixes: * Incremented Version to 3.1.1 from 3.0.1 * S390 Support was cleaned up (#2207 #2178) * PowerPC Support was cleaned up (#2178) * Added a missing import while importing a distro with cobbler import (#2201) * Fixed a case where a stacktrace would be produced so pass none instead (#2203) * Rename of suse_kopts_textmode_overwrite to kops_overwrite to utils (#2143 #2200) * Fix rsync subprocess call (#2199 #2179) * Fixed an error where the template rendering did not work (#2176) * Fixed some cobbler import errors (#2172) * Wrong shebang in various scripts (#2148) * Fix some imports which fixes errors introduced by the remodularization (#2150 #2153) - Other: * Issue Templates for Github (#2187) - Update to latest git HEAD code base This version (from mainline so for quite a while already) also includes fixes for 'boo#1149075' and boo#1151875 - Fix for cobbler import and buildiso (boo#1156574) - Adjusted manpage creation (needs sphinx as BuildRequires) - Fix cobbler sync for dhcp and dns enabled due to latest module renaming patches - Update to latest git HEAD - Fixes permission denied in apache2 context when trying to write cobbler log - Fixes a bad import in import_signature (item) - Fixes bad shebang bash path in mkgrub.sh (used in post section) - Now track Github master branch WARNING: This release contains breaking changes for your settings file! * Notable changes: - Now using standard python logger - Updated dhcpd.template - Removed fix_shebang.patch: now in upstream. - added -s parameter to fdupes call to prevent hardlink across partititons - Update to latest v3.0.0 cobbler release - Add previouly added patch: exclude_get-loaders_command.patch to the list of patches to apply. - Fix log file world readable (as suggested by Matthias Gerstner) and change file attributes via attr in spec file - Do not allow get-loaders command (download of third party provided network boot loaders we do not trust) - Mainline fixes: 3172d1df9b9cc8 Add missing help text in redhat_management_key field c8f5490e507a72 Set default interface if cobbler system add has no --interface= param 31a1aa31d26c4a Remove apache IfVersion tags from apache configs - Integrated fixes that came in from mainline from other products (to calm down obs regression checker): CVE-2011-4953, fate#312397, boo#660126, boo#671212, boo#672471, boo#682665 boo#687891, boo#695955, boo#722443, boo#722445, boo#757062, boo#763610 boo#783671, boo#790545, boo#796773, boo#811025, boo#812948, boo#842699 boo#846580, boo#869371, boo#884051, boo#976826, boo#984998 Some older bugs need boo# references as well: boo#660126, boo#671212, boo#672471, boo#682665 boo#687891, boo#695955, boo#722443, boo#722445, boo#757062, boo#763610 boo#783671, boo#790545, boo#796773, boo#811025, boo#812948, boo#842699 boo#846580, boo#869371, boo#884051 - Fix for redhat_management_key not being listed as a choice during profile rename (boo#1134588) - Added: * rhn-mngmnt-key-field-fix.diff - Fixes distribution detection in setup.py for SLESo - Added: * changes-detection-to-distro-like-for-suse-distributions.diff - Moving to pytest and adding Docker test integration - Added: * add-docker-integration-testing.diff * refactor-unittest-to-pytest.diff - Additional compatability changes for old Koan versions. - Modified: * renamed-methods-alias-part2.patch - Old Koan versions not only need method aliases, but also need compatible responses - Added: * renamed-methods-alias-part2.patch - Add the redhat_managment_* fields again to enable templating in SUMA. - Added: * revert-redhat-management-removal.patch - Changes return of last_modified_time RPC to float - Added: * changes-return-to-float.diff - provide old name aliases for all renamed methods: - get_distro_for_koan => get_distro_as_rendered - get_profile_for_koan => get_profile_as_rendered - get_system_for_koan => get_system_as_rendered - get_repo_for_koan => get_repo_as_rendered - get_image_for_koan => get_image_as_rendered - get_mgmtclass_for_koan => get_mgmtclass_as_rendered - get_package_for_koan => get_package_as_rendered - get_file_for_koan => get_file_as_rendered - Renamed: get_system_for_koan.patch => renamed-methods-alias.patch - provide renamed method 'get_system_for_koan' under old name for old clients. - Added: * get_system_for_koan.patch - Bring back power_system method in the XML-RPC API - Changed lanplus option to lanplus=true in fence_ipmitool.template - Added: * power_system_xmlrpc_api.patch - Changed: * fence_ipmitool.template - Disables nsupdate_enabled by default - Added: * disable_nsupdate_enabled_by_default.diff - Fixes issue in distribution detection with 'lower' function call. - Modified: * remodeled-distro-detection.diff - Adds imporoved distribution detection. Since now all base products get detected correctly, we no longer need the SUSE Manager patch. - Added: * remodeled-distro-detection.diff - fix grub directory layout - Added: * create-system-directory-at-the-correct-place.patch - fix HTTP status code of XMLRPC service - Added: * fix-http-status-code.patch - touch /etc/genders when it not exists (boo#1128926) - Add patches to fix logging - Added: * return-the-name-of-the-unknown-method.patch * call-with-logger-where-possible.patch - Switching version schema from 3.0 to 3.0.0 - Fixes case where distribution detection returns None (boo#1130658) - Added: * fixes-distro-none-case.diff - Removes newline from token, which caused authentication error (boo#1128754) - Added: * remove-newline-from-token.diff - Added a patch which fixes an exception when login in with a non-root user. - Added: * fix-login-error.patch - Added a patch which fixes an exception when login in with a non-root user. - Added: * fix-login-error.patch - Remove patch merged at upstream: * 0001-return-token-as-string.patch - change grub2-x86_64-efi dependency to Recommends - grub2-i386pc is not really required. Changed to recommended to allow building for architectures other than x86_64 - Use cdrtools starting with SLE-15 and Leap-15 again. (boo#1081739) - Update cobbler loaders server hostname (boo#980577) - Update outdated apache config (boo#956264) - Replace builddate with changelog date to fix build-compare (boo#969538) - LOCKFILE usage removed on openSUSE (boo#714618) - Power management subsystem completely re-worked to prevent command-injection (CVE-2012-2395) - Removed patch merged at upstream: * cobblerd_needs_apache2_service_started.patch - Checking bug fixes of released products are in latest develop pkg: - remove fix-nameserver-search.fix; bug is invalid (boo#1029276) -> not needed anymore - fix cobbler yaboot handling (boo#968406, boo#966622) -> no yaboot support anymore - support UEFI boot with cobbler generated tftp tree (boo#1020376) -> upstream - Enabling PXE grub2 support for PowerPC (boo#986978) -> We have grub2 support for ppc64le - (boo#1048183) fix missing args and location for xen -> is in - no koan support anymore: boo#969541, boo#924118, boo#967523 - not installed (boo#966841) works. - These still have to be looked at: SUSE system as systemd only (boo#952844) handle list value for kernel options correctly (boo#973413) entry in pxe menu (boo#988889) - This still has to be switched off (at least in internal cobbler versions): Disabling 'get-loaders' command and 'check' fixed. boo#973418 - Add explicity require to tftp, so it is used for both SLE and openSUSE (originally from jgonzalez@suse.com) - Moved Recommends according to spec_cleaner - Require latest apache2-mod_wsgi-python3 package This fixes interface to http://localhost/cblr/svc/... - Use latest github cobbler/cobbler master branch in _service file - cobblerd_needs_apache2_service_started.patch reverted, that is mainline now: - Only recommend grub2-arm and grub2-ppc packages or we might not be able to build on factory where arm/ppc might not be built - Remove genders package requires. A genders file is generated, but we do not need/use the genders package. - Update to latest cobbler version 3.0 mainline git HEAD version and remove already integrated or not needed anymore patches. - Serial console support added, did some testing already Things should start to work as expected - Add general grub2 support - Put mkgrub.* into mkgrub.sh - Add git date and commit to version string for now - Add grub2 mkimage scripts: mkgrub.i386-pc mkgrub.powerpc-ieee1275 mkgrub.x86_64-efi mkgrub.arm64-efi and generate grub executables with them in the %post section - build server wants explicite package in BuildRequires; use tftp - require tftp(server) instead of atftp - cleanup: cobbler is noarch, so arch specific requires do not make sense - SLES15 is using /etc/os-release instead of /etc/SuSE-release, use this one for checking also - add sles15 distro profile (boo#1090205) - fix signature for SLES15 (boo#1075014) - fix signature for SLES15 (boo#1075014) - fix koan wait parameter initialization - Fix koan shebang - Escape shell parameters provided by the user for the reposync action (CVE-2017-1000469) (boo#1074594) - detect if there is already another instance of 'cobbler sync' running and exit with failure if so (boo#1081714) - do not try to hardlink to a symlink. The result will be a dangling symlink in the general case (boo#1097733) - fix service restart after logrotate for cobblerd (boo#1113747) - rotate cobbler logs at higher frequency to prevent disk fillup (boo#1113747) - Forbid exposure of private methods in the API (CVE-2018-10931) (CVE-2018-1000225) (boo#1104287) (boo#1104189) (boo#1105442) - Check access token when calling 'modify_setting' API endpoint (boo#1104190) (boo#1105440) (CVE-2018-1000226) Moderate SUSE bug 1020376 SUSE bug 1029276 SUSE bug 1048183 SUSE bug 1074594 SUSE bug 1075014 SUSE bug 1081714 SUSE bug 1081739 SUSE bug 1090205 SUSE bug 1097733 SUSE bug 1101670 SUSE bug 1104189 SUSE bug 1104190 SUSE bug 1104287 SUSE bug 1105440 SUSE bug 1105442 SUSE bug 1113747 SUSE bug 1128754 SUSE bug 1128926 SUSE bug 1130658 SUSE bug 1134588 SUSE bug 1149075 SUSE bug 1151875 SUSE bug 1156574 SUSE bug 1159010 SUSE bug 1169207 SUSE bug 1169553 SUSE bug 1169779 SUSE bug 1170462 SUSE bug 660126 SUSE bug 671212 SUSE bug 672471 SUSE bug 682665 SUSE bug 687891 SUSE bug 695955 SUSE bug 714618 SUSE bug 722443 SUSE bug 722445 SUSE bug 757062 SUSE bug 763610 SUSE bug 783671 SUSE bug 790545 SUSE bug 796773 SUSE bug 811025 SUSE bug 812948 SUSE bug 842699 SUSE bug 846580 SUSE bug 869371 SUSE bug 884051 SUSE bug 924118 SUSE bug 952844 SUSE bug 956264 SUSE bug 966622 SUSE bug 966841 SUSE bug 967523 SUSE bug 968406 SUSE bug 969538 SUSE bug 969541 SUSE bug 973413 SUSE bug 973418 SUSE bug 976826 SUSE bug 980577 SUSE bug 984998 SUSE bug 986978 SUSE bug 988889 CVE-2011-4953 CVE-2012-2395 CVE-2017-1000469 CVE-2018-1000225 CVE-2018-1000226 CVE-2018-10931 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tor fixes the following issues: tor was updated to 0.4.5.7 * https://lists.torproject.org/pipermail/tor-announce/2021-March/000216.html * Fix 2 denial of service security issues (boo#1183726) + Disable the dump_desc() function that we used to dump unparseable information to disk (CVE-2021-28089) + Fix a bug in appending detached signatures to a pending consensus document that could be used to crash a directory authority (CVE-2021-28090) * Ship geoip files based on the IPFire Location Database Moderate SUSE bug 1183726 CVE-2021-28089 CVE-2021-28090 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for grub2 fixes the following issues: grub2 implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) - Fixed chainloading windows on dual boot machine (bsc#1183073) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1175970 SUSE bug 1176711 SUSE bug 1177883 SUSE bug 1179264 SUSE bug 1179265 SUSE bug 1182057 SUSE bug 1182262 SUSE bug 1182263 SUSE bug 1183073 CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172442 SUSE bug 1181358 CVE-2020-11080 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ldb fixes the following issues: - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1183572 SUSE bug 1183574 CVE-2020-27840 CVE-2021-20277 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1183456 SUSE bug 1183457 CVE-2021-20231 CVE-2021-20232 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ruby2.5 fixes the following issues: - CVE-2020-25613: Fixed a potential HTTP Request Smuggling in WEBrick (bsc#1177125). - Enable optimizations also on ARM64 (bsc#1177222) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1177125 SUSE bug 1177222 CVE-2020-25613 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libass fixes the following issues: - CVE-2020-26682: Fixed a signed integer overflow in the call to outline_stroke() (bsc#1177862). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1177862 CVE-2020-26682 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for hawk2 fixes the following issues: - Update to version 2.6.3: * Remove hawk_invoke and use capture3 instead of runas (bsc#1179999)(CVE-2020-35459) * Remove unnecessary chmod (bsc#1182166)(CVE-2021-25314) * Sanitize filename to contains whitelist of alphanumeric (bsc#1182165) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1179999 SUSE bug 1182165 SUSE bug 1182166 CVE-2020-35459 CVE-2021-25314 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1183852 CVE-2021-3449 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.15 fixes the following issues: - go1.15.10 (released 2021-03-11) (bsc#1175132) - go1.15.9 (released 2021-03-10) (bsc#1175132) - CVE-2021-27918: Fixed an infinite loop when using xml.NewTokenDecoder with a custom TokenReader (bsc#1183333). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175132 SUSE bug 1183333 CVE-2021-27918 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1183370 SUSE bug 1183371 CVE-2021-24031 CVE-2021-24032 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for evolution-data-server fixes the following issues: - CVE-2020-16117: Fix crash on malformed server response with minimal capabilities (bsc#1174712). - CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 (bsc#1173910). - Fix buffer overrun when parsing base64 data (bsc#1182882). This update for evolution-ews fixes the following issue: - Fix buffer overrun when parsing base64 data (bsc#1182882). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1173910 SUSE bug 1174712 SUSE bug 1182882 CVE-2020-14928 CVE-2020-16117 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for eclipse fixes the following issues: - CVE-2020-27225: Authenticate active help requests to the local help web server (bsc#1183728). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1183728 CVE-2020-27225 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1183942 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1181131 CVE-2021-20193 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ovmf fixes the following issues: - CVE-2021-28211: ovmf: edk2: possible heap corruption with LzmaUefiDecompressGetInfo (bsc#1183578) - CVE-2021-28210: ovmf: unlimited FV recursion, round 2 (bsc#1183579) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1183578 SUSE bug 1183579 CVE-2021-28210 CVE-2021-28211 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tomcat fixes the following issues: CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912) CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1182909 SUSE bug 1182912 CVE-2021-25122 CVE-2021-25329 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1183933 SUSE bug 1183934 CVE-2021-22876 CVE-2021-22890 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for OpenIPMI fixes the following issues: - Fixed an issue where OpenIPMI was creating non-position independent binaries (bsc#1183178). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1183178 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Update to 89.0.4389.114 boo#1184256 - CVE-2021-21194: Use after free in screen capture - CVE-2021-21195: Use after free in V8 - CVE-2021-21196: Heap buffer overflow in TabStrip - CVE-2021-21197: Heap buffer overflow in TabStrip - CVE-2021-21198: Out of bounds read in IPC - CVE-2021-21199: Use Use after free in Aura Important SUSE bug 1184256 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xen fixes the following issues: - CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360) - CVE-2021-28687: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368) - L3: conring size for XEN HV's with huge memory to small. Inital Xen logs cut (bsc#1177204) - L3: XEN domU crashed on resume when using the xl unpause command (bsc#1182576) - L3: xen: no needsreboot flag set (bsc#1180690) - kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148) - openQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989) - Upstream bug fixes (bsc#1027519) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1027519 SUSE bug 1177204 SUSE bug 1179148 SUSE bug 1180690 SUSE bug 1181254 SUSE bug 1181989 SUSE bug 1182576 SUSE bug 1183072 CVE-2021-28687 CVE-2021-3308 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for isync fixes the following issues: - isync was updated to version 1.3.5 - CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB (boo#1182488) Important SUSE bug 1182488 CVE-2021-20247 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for hostapd fixes the following issues: - CVE-2021-30004: forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (boo#1184348) - CVE-2020-12695: UPnP SUBSCRIBE misbehavior in hostapd WPS AP (boo#1172700) - CVE-2019-16275: AP mode PMF disconnection protection bypass (boo#1150934) - added AppArmor profile (source apparmor-usr.sbin.hostapd) Important SUSE bug 1150934 SUSE bug 1172700 SUSE bug 1184348 CVE-2019-16275 CVE-2020-12695 CVE-2021-30004 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues: libostree: Update to version 2020.8 - Enable LTO. (bsc#1133120) - This update contains scalability improvements and bugfixes. - Caching-related HTTP headers are now supported on summaries and signatures, so that they do not have to be re-downloaded if not changed in the meanwhile. - Summaries and delta have been reworked to allow more fine-grained fetching. - Fixes several bugs related to atomic variables, HTTP timeouts, and 32-bit architectures. - Static deltas can now be signed to more easily support offline verification. - There's now support for multiple initramfs images; Is it possible to have a 'main' initramfs image and a secondary one which represents local configuration. - The documentation is now moved to https://ostreedev.github.io/ostree/ - Fix for an assertion failure when upgrading from systems before ostree supported devicetree. - ostree no longer hardlinks zero sized files to avoid hitting filesystem maximum link counts. - ostree now supports `/` and `/boot` being on the same filesystem. - Improvements to the GObject Introspection metadata, some (cosmetic) static analyzer fixes, a fix for the immutable bit on s390x, dropping a deprecated bit in the systemd unit file. - Fix a regression 2020.4 where the 'readonly sysroot' changes incorrectly left the sysroot read-only on systems that started out with a read-only `/` (most of them, e.g. Fedora Silverblue/IoT at least). - The default dracut config now enables reproducibility. - There is a new ostree admin unlock `--transient`. This should to be a foundation for further support for 'live' updates. - New `ed25519` signing support, powered by `libsodium`. - stree commit gained a new `--base` argument, which significantly simplifies constructing 'derived' commits, particularly for systems using SELinux. - Handling of the read-only sysroot was reimplemented to run in the initramfs and be more reliable. Enabling the `readonly=true` flag in the repo config is recommended. - Several fixes in locking for the temporary 'staging' directories OSTree creates, particularly on NFS. - A new `timestamp-check-from-rev` option was added for pulls, which makes downgrade protection more reliable and will be used by Fedora CoreOS. - Several fixes and enhancements made for 'collection' pulls including a new `--mirror` option. - The ostree commit command learned a new `--mode-ro-executables` which enforces `W^R` semantics on all executables. - Added a new commit metadata key `OSTREE_COMMIT_META_KEY_ARCHITECTURE` to help standardize the architecture of the OSTree commit. This could be used on the client side for example to sanity-check that the commit matches the architecture of the machine before deploying. - Stop invalid usage of `%_libexecdir`: + Use `%{_prefix}/lib` where appropriate. + Use `_systemdgeneratordir` for the systemd-generators. + Define `_dracutmodulesdir` based on `dracut.pc`. Add BuildRequires(dracut) for this to work. xdg-desktop-portal: Update to version 1.8.0: - Ensure systemd rpm macros are called at install/uninstall times for systemd user services. - Add BuildRequires on systemd-rpm-macros. - openuri: - Allow skipping the chooser for more URL tyles - Robustness fixes - filechooser: - Return the current filter - Add a 'directory' option - Document the 'writable' option - camera: - Make the client node visible - Don't leak pipewire proxy - Fix file descriptor leaks - Testsuite improvements - Updated translations. - document: - Reduce the use of open fds - Add more tests and fix issues they found - Expose directories with their proper name - Support exporting directories - New fuse implementation - background: Avoid a segfault - screencast: Require pipewire 0.3 - Better support for snap and toolbox - Require `/usr/bin/fusermount`: `xdg-document-portal` calls out to the binary. (bsc#1175899) Without it, files or dirs can be selected, but whatever is done with or in them, will not have any effect - Fixes for `%_libexecdir` changing to `/usr/libexec` xdg-desktop-portal-gtk: Update to version 1.8.0: - filechooser: - Return the current filter - Handle the 'directory' option to select directories - Only show preview when we have an image - screenshot: Fix cancellation - appchooser: Avoid a crash - wallpaper: - Properly preview placement settings - Drop the lockscreen option - printing: Improve the notification - Updated translations. - settings: Fall back to gsettings for enable-animations - screencast: Support Mutter version to 3 (New pipewire api ver 3). flatpak: - Update to version 1.10.2 (jsc#SLE-17238, ECO-3148) - This is a security update which fixes a potential attack where a flatpak application could use custom formated `.desktop` file to gain access to files on the host system. - Fix memory leaks - Documentation and translations updates - Spawn portal better handles non-utf8 filenames - Fix flatpak build on systems with setuid bwrap - Fix crash on updating apps with no deploy data - Remove deprecated texinfo packaging macros. - Support for the new repo format which should make updates faster and download less data. - The systemd generator snippets now call flatpak `--print-updated-env` in place of a bunch of shell for better login performance. - The `.profile` snippets now disable GVfs when calling flatpak to avoid spawning a gvfs daemon when logging in via ssh. - Flatpak now finds the pulseaudio sockets better in uncommon configurations. - Sandboxes with network access it now also has access to the `systemd-resolved` socket to do dns lookups. - Flatpak supports unsetting environment variables in the sandbox using `--unset-env`, and `--env=FOO=` now sets FOO to the empty string instead of unsetting it. - The spawn portal now has an option to share the pid namespace with the sub-sandbox. - This security update fixes a sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the 'flatpak run' command when spawning a sub-sandbox (bsc#1180996, CVE-2021-21261) - Fix support for ppc64. - Move flatpak-bisect and flatpak-coredumpctl to devel subpackage, allow to remove python3 dependency on main package. - Enable LTO as gobject-introspection works fine with LTO. (bsc#1133124) - Fixed progress reporting for OCI and extra-data. - The in-memory summary cache is more efficient. - Fixed authentication getting stuck in a loop in some cases. - Fixed authentication error reporting. - Extract OCI info for runtimes as well as apps. - Fixed crash if anonymous authentication fails and `-y` is specified. - flatpak info now only looks at the specified installation if one is specified. - Better error reporting for server HTTP errors during download. - Uninstall now removes applications before the runtime it depends on. - Avoid updating metadata from the remote when uninstalling. - FlatpakTransaction now verifies all passed in refs to avoid. - Added validation of collection id settings for remotes. - Fix seccomp filters on s390. - Robustness fixes to the spawn portal. - Fix support for masking update in the system installation. - Better support for distros with uncommon models of merged `/usr`. - Cache responses from localed/AccountService. - Fix hangs in cases where `xdg-dbus-proxy` fails to start. - Fix double-free in cups socket detection. - OCI authenticator now doesn't ask for auth in case of http errors. - Fix invalid usage of `%{_libexecdir}` to reference systemd directories. - Fixes for `%_libexecdir` changing to `/usr/libexec` - Avoid calling authenticator in update if ref didn't change - Don't fail transaction if ref is already installed (after transaction start) - Fix flatpak run handling of userns in the `--device=all` case - Fix handling of extensions from different remotes - Fix flatpak run `--no-session-bus` - `FlatpakTransaction` has a new signal `install-authenticator` which clients can handle to install authenticators needed for the transaction. This is done in the CLI commands. - Now the host timezone data is always exposed, fixing several apps that had timezone issues. - There's a new systemd unit (not installed by default) to automatically detect plugged in usb sticks with sideload repos. - By default the `gdm env.d` file is no longer installed because the systemd generators work better. - `create-usb` now exports partial commits by default - Fix handling of docker media types in oci remotes - Fix subjects in `remote-info --log` output - This release is also able to host flatpak images on e.g. docker hub. This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1133120 SUSE bug 1133124 SUSE bug 1175899 SUSE bug 1180996 CVE-2021-21261 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1182057 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for fwupd fixes the following issues: - Update to version 1.2.14: (bsc#1182057) - Add SBAT section to EFI images (bsc#1182057) - CVE-2020-10759: Validate that gpgme_op_verify_result() returned at least one signature (bsc#1172643) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1172643 SUSE bug 1182057 CVE-2020-10759 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gssproxy fixes the following issues: - CVE-2020-12658: Fixed an issue where gssproxy was not unlocking cond_mutex before pthread exit in gp_worker_main() (bsc#1180515). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1180515 CVE-2020-12658 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170). - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485). - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167). - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168). - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198). - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ). - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ). - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596). - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022). - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715). - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716). - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696). - CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454). - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775). - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686). - CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ). - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256). The following non-security bugs were fixed: - 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)). - 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)). - 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)). - ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes). - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes). - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383). - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes). - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes). - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes). - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes). - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes). - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes). - ALSA: hda: generic: Fix the micmute led init state (git-fixes). - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes). - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes). - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes). - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes). - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes). - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes). - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552). - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552). - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes). - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552). - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552). - ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552). - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552). - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552). - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552). - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes). - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552). - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes). - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes). - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes). - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes). - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862). - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes). - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes). - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes). - ASoC: cs42l42: Fix channel width support (git-fixes). - ASoC: cs42l42: Fix mixer volume control (git-fixes). - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes). - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes). - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes). - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes). - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes). - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes). - ASoC: simple-card-utils: Do not handle device clock (git-fixes). - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes). - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295). - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295). - blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295). - block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295). - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes). - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518). - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217). - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224). - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218). - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220). - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes). - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes). - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes). - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - certs: Fix blacklist flag type confusion (git-fixes). - cifs: check pointer before freeing (bsc#1183534). - completion: Drop init_completion define (git-fixes). - configfs: fix a use-after-free in __configfs_open_file (git-fixes). - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595 - crypto: aesni - prevent misaligned buffers on the stack (git-fixes). - crypto: arm64/sha - add missing module aliases (git-fixes). - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes). - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes). - crypto: tcrypt - avoid signed overflow in byte count (git-fixes). - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes). - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes). - drm/amdgpu: Add check to prevent IH overflow (git-fixes). - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes). - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes - drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay * context changes - drm/compat: Clear bounce structures (git-fixes). - drm/hisilicon: Fix use-after-free (git-fixes). - drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes). - drm/mediatek: Fix aal size config (bsc#1152489) Backporting notes: * replaced mtk_ddp_write() with writel() - drm: meson_drv add shutdown function (git-fixes). - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes). - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) Backporting notes: * context changes - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) Backporting notes: * context changes - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) Backporting notes: * context changes - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) Backporting notes: * taken for 9b73bde39cf2 ('drm/msm: Fix use-after-free in msm_gem with carveout') * context changes - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) - drm/nouveau/kms: handle mDP connectors (git-fixes). - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) - drm/panfrost: Fix job timeout handling (bsc#1152472) Backporting notes: - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472) - drm/radeon: fix AGP dependency (git-fixes). - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) Backporting notes: * context changes - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes). - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) Backporting notes: * context changes - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes). - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) Backporting notes: * context changes * change vc4_hdmi to vc4->hdmi * removed references to encoder->hdmi_monitor - efi: use 32-bit alignment for efi_guid_t literals (git-fixes). - epoll: check for events when removing a timed out thread from the wait queue (git-fixes). - ethernet: alx: fix order of calls on resume (git-fixes). - exec: Move would_dump into flush_old_exec (git-fixes). - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989). - exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989). - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes). - extcon: Fix error handling in extcon_dev_register (git-fixes). - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes). - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: verify write return (git-fixes). - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862). - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862). - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862). - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes). - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes). - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes). - Goodix Fingerprint device is not a modem (git-fixes). - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes). - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes). - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes). - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes). - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes). - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes). - i2c: rcar: faster irq code to minimize HW race condition (git-fixes). - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - iavf: use generic power management (git-fixes). - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139). - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844). - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139). - ibmvnic: fix block comments (bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1183871 ltc#192139). - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139). - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139). - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139). - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139). - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791). - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791). - ice: fix memory leak if register_netdev_fails (git-fixes). - ice: fix memory leak in ice_vsi_setup (git-fixes). - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926). - ice: renegotiate link after FW DCB on (jsc#SLE-8464). - ice: report correct max number of TCs (jsc#SLE-7926). - ice: update the number of available RSS queues (jsc#SLE-7926). - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes). - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes). - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). - Input: applespi - do not wait for responses to commands indefinitely (git-fixes). - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes). - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes). - Input: raydium_ts_i2c - do not send zero length (git-fixes). - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278). - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637). - iommu/vt-d: Add get_domain_info() helper (bsc#1183279). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286). - ionic: linearize tso skb with too many frags (bsc#1167773). - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862). - kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862). - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862). - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862). - kbuild: Fail if gold linker is detected (bcs#1181862). - kbuild: improve cc-option to clean up all temporary files (bsc#1178330). - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862). - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862). - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862). - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330). - kconfig: introduce m32-flag and m64-flag (bcs#1181862). - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427). - KVM: SVM: Clear the CR4 register on reset (bsc#1183252). - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). - KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287). - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447). - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369). - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288). - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518). - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518). - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518). - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes). - loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295). - mac80211: fix double free in ibss_leave (git-fixes). - mac80211: fix rate mask reset (git-fixes). - mdio: fix mdio-thunder.c dependency & build error (git-fixes). - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes). - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes). - media: mceusb: Fix potential out-of-bounds shift (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - media: rc: compile rc-cec.c into rc-core (git-fixes). - media: usbtv: Fix deadlock on suspend (git-fixes). - media: uvcvideo: Allow entities with no pads (git-fixes). - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes). - media: v4l: vsp1: Fix bru null pointer access (git-fixes). - media: v4l: vsp1: Fix uif null pointer access (git-fixes). - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes). - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes). - misc/pvpanic: Export module FDT device table (git-fixes). - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes). - mmc: core: Fix partition switch time for eMMC (git-fixes). - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes). - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes). - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777). - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes). - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353). - net: cdc-phonet: fix data-interface release on probe failure (git-fixes). - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139). - netdevsim: init u64 stats for 32bit hardware (git-fixes). - net: dsa: rtl8366: Fix VLAN semantics (git-fixes). - net: dsa: rtl8366: Fix VLAN set-up (git-fixes). - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes). - net: enic: Cure the enic api locking trainwreck (git-fixes). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139). - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes). - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix reference count leak in fec series ops (git-fixes). - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes). - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes). - net: gianfar: Add of_node_put() before goto statement (git-fixes). - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). - net: korina: cast KSEG0 address to pointer in kfree (git-fixes). - net: korina: fix kfree of rx/tx descriptor array (git-fixes). - net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464). - net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464). - net: mvneta: fix double free of txq->buf (git-fixes). - net: mvneta: make tx buffer array agnostic (git-fixes). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - netsec: restore phy power state after controller reset (bsc#1183757). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes). - net: stmmac: removed enabling eee in EEE set callback (git-fixes). - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes). - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes). - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes). - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes). - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes). - nfp: flower: fix pre_tun mask id allocation (bsc#1154353). - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077). - nvme-fabrics: fix kato initialization (bsc#1182591). - nvme-fabrics: only reserve a single tag (bsc#1182077). - nvme-fc: fix racing controller reset and create association (bsc#1183048). - nvme-hwmon: Return error code when registration fails (bsc#1177326). - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077). - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197). - nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501). - objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514). - objtool: Fix error handling for STD/CLD warnings (bsc#1169514). - objtool: Fix retpoline detection in asm code (bsc#1169514). - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176). - ovl: fix out of date comment and unreachable code (bsc#1184176). - ovl: fix regression with re-formatted lower squashfs (bsc#1184176). - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176). - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176). - ovl: initialize error in ovl_copy_xattr (bsc#1184176). - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176). - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). - PCI: Align checking of syscall user config accessors (git-fixes). - PCI: Decline to resize resources if boot config must be preserved (git-fixes). - PCI: Fix pci_register_io_range() memory leak (git-fixes). - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes). - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes). - PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes). - pinctrl: rockchip: fix restore error in resume (git-fixes). - Platform: OLPC: Fix probe error handling (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes). - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes). - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes). - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes). - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes). - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes). - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes). - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366). - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes). - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963). - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - printk: fix deadlock when kernel panic (bsc#1183018). - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes). - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes). - qxl: Fix uninitialised struct field head.surface_id (git-fixes). - random: fix the RNDRESEEDCRNG ioctl (git-fixes). - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449). - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449). - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353). - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079). - rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream. - rpm/check-for-config-changes: comment on the list To explain what it actually is. - rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended. - rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list - rpm/check-for-config-changes: ignore more configs Specifially, these: * CONFIG_CC_HAS_* * CONFIG_CC_HAVE_* * CONFIG_CC_CAN_* * CONFIG_HAVE_[A-Z]*_COMPILER * CONFIG_TOOLS_SUPPORT_* are compiler specific too. This will allow us to use super configs using kernel's dummy-tools. - rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans. - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes). - rsi: Move card interrupt handling to RX thread (git-fixes). - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). - s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes). - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). - s390/qeth: fix notification for pending buffers during teardown (git-fixes). - s390/qeth: improve completion of pending TX buffers (git-fixes). - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes). - s390/vtime: fix increased steal time accounting (bsc#1183859). - samples, bpf: Add missing munmap in xdpsock (bsc#1155518). - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). - scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574). - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). - scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574). - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574). - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574). - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843). - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843). - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518). - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518). - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518). - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes). - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes). - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - software node: Fix node registration (git-fixes). - spi: stm32: make spurious and overrun interrupts visible (git-fixes). - squashfs: fix inode lookup sanity checks (bsc#1183750). - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750). - staging: bcm2835-audio: Replace unsafe strcpy() with strscpy() (git-fixes). - staging: comedi: addi_apci_1032: Fix endian problem for COS sample (git-fixes). - staging: comedi: addi_apci_1500: Fix endian problem for command sample (git-fixes). - staging: comedi: adv_pci1710: Fix endian problem for AI command data (git-fixes). - staging: comedi: das6402: Fix endian problem for AI command data (git-fixes). - staging: comedi: das800: Fix endian problem for AI command data (git-fixes). - staging: comedi: dmm32at: Fix endian problem for AI command data (git-fixes). - staging: comedi: me4000: Fix endian problem for AI command data (git-fixes). - staging: comedi: pcl711: Fix endian problem for AI command data (git-fixes). - staging: comedi: pcl818: Fix endian problem for AI command data (git-fixes). - staging: fwserial: Fix error handling in fwserial_create (git-fixes). - staging: gdm724x: Fix DMA from stack (git-fixes). - staging: ks7010: prevent buffer overflow in ks_wlan_set_scan() (git-fixes). - staging: most: sound: add sanity check for function argument (git-fixes). - staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table (git-fixes). - staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data() (git-fixes). - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() (git-fixes). - staging: rtl8192e: Change state information from u16 to u8 (git-fixes). - staging: rtl8192e: Fix incorrect source in memcpy() (git-fixes). - staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan (git-fixes). - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan() (git-fixes). - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd (git-fixes). - staging: rtl8712: unterminated string leads to read overflow (git-fixes). - stop_machine: mark helpers __always_inline (git-fixes). - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes). - Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598) - USB: cdc-acm: fix double free on probe failure (git-fixes). - USB: cdc-acm: fix use-after-free after probe failure (git-fixes). - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes). - USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes). - USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes). - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes). - USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes). - USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes). - USB: gadget: configfs: Fix KASAN use-after-free (git-fixes). - USB: gadget: f_uac1: stop playback on function disable (git-fixes). - USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes). - USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes). - USB: gadget: u_ether: Fix a configfs return code (git-fixes). - USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes). - USBip: fix stub_dev to check for stream socket (git-fixes). - USBip: fix stub_dev USBip_sockfd_store() races leading to gpf (git-fixes). - USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes). - USBip: fix vhci_hcd to check for stream socket (git-fixes). - USBip: fix vudc to check for stream socket (git-fixes). - USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes). - USBip: tools: fix build error for multiple definition (git-fixes). - USB: musb: Fix suspend with devices connected for a64 (git-fixes). - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes). - USB: replace hardcode maximum usb string length by definition (git-fixes). - USB: serial: ch341: add new Product ID (git-fixes). - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes). - USB: serial: cp210x: add some more GE USB IDs (git-fixes). - USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes). - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes). - USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes). - USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). - USB: usblp: fix a hang in poll() if disconnected (git-fixes). - USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes). - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes). - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes). - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489) - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes). - VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes). - vt/consolemap: do font sum unsigned (git-fixes). - watchdog: mei_wdt: request stop on unregister (git-fixes). - wireguard: device: do not generate ICMP for non-IP packets (git-fixes). - wireguard: kconfig: use arm chacha even with no neon (git-fixes). - wireguard: selftests: test multiple parallel streams (git-fixes). - wlcore: Fix command execute failure 19 for wl12xx (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489). - xen/events: avoid handling the same event on two cpus at the same time (git-fixes). - xen/events: do not unmask an event channel when an eoi is pending (git-fixes). - xen/events: reset affinity of 2-level event when tearing it down (git-fixes). - xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980). - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes). - xhci: Improve detection of device initiated wake signal (git-fixes). Important SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1156256 SUSE bug 1159280 SUSE bug 1160634 SUSE bug 1167773 SUSE bug 1168777 SUSE bug 1169514 SUSE bug 1169709 SUSE bug 1171295 SUSE bug 1173485 SUSE bug 1177326 SUSE bug 1178163 SUSE bug 1178330 SUSE bug 1179454 SUSE bug 1180197 SUSE bug 1180980 SUSE bug 1181383 SUSE bug 1181674 SUSE bug 1181862 SUSE bug 1182011 SUSE bug 1182077 SUSE bug 1182485 SUSE bug 1182552 SUSE bug 1182574 SUSE bug 1182591 SUSE bug 1182595 SUSE bug 1182715 SUSE bug 1182716 SUSE bug 1182717 SUSE bug 1182770 SUSE bug 1182989 SUSE bug 1183015 SUSE bug 1183018 SUSE bug 1183022 SUSE bug 1183023 SUSE bug 1183048 SUSE bug 1183252 SUSE bug 1183277 SUSE bug 1183278 SUSE bug 1183279 SUSE bug 1183280 SUSE bug 1183281 SUSE bug 1183282 SUSE bug 1183283 SUSE bug 1183284 SUSE bug 1183285 SUSE bug 1183286 SUSE bug 1183287 SUSE bug 1183288 SUSE bug 1183366 SUSE bug 1183369 SUSE bug 1183386 SUSE bug 1183412 SUSE bug 1183416 SUSE bug 1183427 SUSE bug 1183428 SUSE bug 1183445 SUSE bug 1183447 SUSE bug 1183501 SUSE bug 1183509 SUSE bug 1183530 SUSE bug 1183534 SUSE bug 1183540 SUSE bug 1183593 SUSE bug 1183596 SUSE bug 1183598 SUSE bug 1183637 SUSE bug 1183646 SUSE bug 1183662 SUSE bug 1183686 SUSE bug 1183692 SUSE bug 1183696 SUSE bug 1183750 SUSE bug 1183757 SUSE bug 1183775 SUSE bug 1183843 SUSE bug 1183859 SUSE bug 1183871 SUSE bug 1184167 SUSE bug 1184168 SUSE bug 1184170 SUSE bug 1184176 SUSE bug 1184192 SUSE bug 1184193 SUSE bug 1184196 SUSE bug 1184198 SUSE bug 1184217 SUSE bug 1184218 SUSE bug 1184219 SUSE bug 1184220 SUSE bug 1184224 CVE-2019-18814 CVE-2019-19769 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-35519 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28688 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-3428 CVE-2021-3444 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for bcc fixes the following issues: - Enabled PIE for bcc-lua if lua support is enabled (bsc#1183399) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1183399 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openexr fixes the following issues: - CVE-2021-3474: Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder (bsc#1184174) - CVE-2021-3475: Integer-overflow in Imf_2_5::calculateNumTiles (bsc#1184173) - CVE-2021-3476: Undefined-shift in Imf_2_5::unpack14 (bsc#1184172) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1184172 SUSE bug 1184173 SUSE bug 1184174 CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution (bsc#1179998). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1179998 CVE-2020-35458 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for various openSUSE kernel related packages refreshes them with the new UEFI Secure boot key. Moderate SUSE bug 1174543 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tpm2-tss-engine fixes the following issues: - Added support to disable fixed compilation flags - Added --disable-defaultflags during compilation to avoid breakage of our gcc-PIE profile (resulted in non-position-independent executable tpm2-tss-genkey, bsc#1183895) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1183895 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ceph fixes the following issues: - ceph was updated to to 15.2.9 - cephadm: fix 'inspect' and 'pull' (bsc#1182766) - CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token (bsc#1179997) - CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905) - mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926) - mgr/dashboard: enable different URL for users of browser to Grafana (bsc#1176390, bsc#1176679) - mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489) - cephadm: command_unit: call systemctl with verbose=True (bsc#1176828) - cephadm: silence 'Failed to evict container' log msg (bsc#1177360) - mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails (bsc#1177857) - rgw: cls/user: set from_index for reset stats calls (bsc#1178837) - mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860) - cephadm: reference the last local image by digest (bsc#1178932, bsc#1179569) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1172926 SUSE bug 1176390 SUSE bug 1176489 SUSE bug 1176679 SUSE bug 1176828 SUSE bug 1177360 SUSE bug 1177857 SUSE bug 1178837 SUSE bug 1178860 SUSE bug 1178905 SUSE bug 1178932 SUSE bug 1179569 SUSE bug 1179997 SUSE bug 1182766 CVE-2020-25678 CVE-2020-27839 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for umoci fixes the following issues: - Update to umoci v0.4.6. - CVE-2021-29136: malicious layer allows overwriting of host files (bsc#1184147) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1184147 CVE-2021-29136 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawk_invoke (bsc#1179999). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1179999 CVE-2020-35459 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for spamassassin fixes the following issues: - CVE-2019-12420: memory leak via crafted messages (bsc#1159133) - CVE-2020-1946: security update (bsc#1184221) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1159133 SUSE bug 1184221 CVE-2019-12420 CVE-2020-1946 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-bleach fixes the following issues: - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags (boo#1184547) Update to 3.1.5: * replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson. Update to 3.1.4 (boo#1168280, CVE-2020-6817): * ``bleach.clean`` behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to ``bleach.clean`` with an allowed tag with an allowed ``style`` attribute were vulnerable to ReDoS. For example, ``bleach.clean(..., attributes={'a': ['style']})``. * Style attributes with dashes, or single or double quoted values are cleaned instead of passed through. update to 3.1.3 (boo#1167379, CVE-2020-6816): * Add relative link to code of conduct. (#442) * Drop deprecated 'setup.py test' support. (#507) * Fix typo: curren -> current in tests/test_clean.py (#504) * Test on PyPy 7 * Drop test support for end of life Python 3.4 * ``bleach.clean`` behavior parsing embedded MathML and SVG content with RCDATA tags did not match browser behavior and could result in a mutation XSS. Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or ``svg`` tags and one or more of the RCDATA tags ``script``, ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or ``xmp`` in the allowed tags whitelist were vulnerable to a mutation XSS. Important SUSE bug 1167379 SUSE bug 1168280 SUSE bug 1184547 CVE-2020-6816 CVE-2020-6817 CVE-2021-23980 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for fluidsynth fixes the following issues: - CVE-2021-28421: Fix use after free vulnerability in file loader (boo#1184705) Important SUSE bug 1184705 CVE-2021-28421 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xorg-x11-server fixes the following issues: - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1180128 CVE-2021-3472 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532) - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533) - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534) - Fix errors when scanning files > 4G (bsc#1181256) - Update clamav.keyring - Update to 0.103.2 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1181256 SUSE bug 1184532 SUSE bug 1184533 SUSE bug 1184534 CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for wpa_supplicant fixes the following issues: - CVE-2021-30004: Fixed an issue where forging attacks might have occured because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1184348 CVE-2021-30004 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for opensc fixes the following issues: - CVE-2019-15945: Fixed an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string (bsc#1149746). - CVE-2019-15946: Fixed an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry (bsc#1149747) - CVE-2019-19479: Fixed an incorrect read operation during parsing of a SETCOS file attribute (bsc#1158256) - CVE-2019-19480: Fixed an improper free operation in sc_pkcs15_decode_prkdf_entry (bsc#1158307). - CVE-2019-20792: Fixed a double free in coolkey_free_private_data (bsc#1170809). - CVE-2020-26570: Fixed a buffer overflow in sc_oberthur_read_file (bsc#1177364). - CVE-2020-26571: Fixed a stack-based buffer overflow in gemsafe GPK smart card software driver (bsc#1177380) - CVE-2020-26572: Fixed a stack-based buffer overflow in tcos_decipher (bsc#1177378). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1149746 SUSE bug 1149747 SUSE bug 1158256 SUSE bug 1158307 SUSE bug 1170809 SUSE bug 1177364 SUSE bug 1177378 SUSE bug 1177380 CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2019-19480 CVE-2019-20792 CVE-2020-26570 CVE-2020-26571 CVE-2020-26572 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: - Chromium 89.0.4389.128 (boo#1184700): * CVE-2021-21206: Use after free in blink * CVE-2021-21220: Insufficient validation of untrusted input in v8 for x86_64 Critical SUSE bug 1184700 CVE-2021-21206 CVE-2021-21220 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nextcloud-desktop fixes the following issues: nextcloud-desktop was updated to 3.1.3: - desktop#2884 [stable-3.1] Add support for Hirsute - desktop#2920 [stable-3.1] Validate sensitive URLs to onle allow http(s) schemes. - desktop#2926 [stable-3.1] Validate the providers ssl certificate - desktop#2939 Bump release to 3.1.3 This also fix security issues: - (boo#1184770, CVE-2021-22879, NC-SA-2021-008 , CWE-99) Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation. Important SUSE bug 1184770 CVE-2021-22879 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Linux Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194). - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512). - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181). - CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211). The following non-security bugs were fixed: - ALSA: aloop: Fix initialization of controls (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - cifs: change noisy error message to FYI (bsc#1181507). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - enetc: Fix reporting of h/w packet counters (git-fixes). - fix Patch-mainline: patches.suse/cifs_debug-use-pd-instead-of-messing-with-d_name.patch - fix patch metadata - fuse: fix bad inode (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - gianfar: Handle error code at MAC address change (git-fixes). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - libbpf: Fix INSTALL flag order (bsc#1155518). - libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - mac80211: choose first enabled channel for monitor (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - mISDN: fix crash in fritzpci (git-fixes). - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - net: hns3: Remove the left over redundant check & assignment (bsc#1154353). - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes). - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - net: wan/lmc: unregister device when no matching device is found (git-fixes). - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes). - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - powerpc/sstep: Fix darn emulation (bsc#1156395). - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395). - powerpc/sstep: Fix load-store and update emulation (bsc#1156395). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes). - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12. - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally. - samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). - staging: comedi: cb_pcidas64: fix request_irq() warn (git-fixes). - staging: comedi: cb_pcidas: fix request_irq() warn (git-fixes). - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). - x86/ioapic: Ignore IRQ2 again (bsc#1152489). - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). - xen/events: fix setting irq affinity (bsc#1184583). Important SUSE bug 1047233 SUSE bug 1065729 SUSE bug 1113295 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1156395 SUSE bug 1167574 SUSE bug 1175995 SUSE bug 1178181 SUSE bug 1181507 SUSE bug 1183405 SUSE bug 1184074 SUSE bug 1184120 SUSE bug 1184194 SUSE bug 1184211 SUSE bug 1184388 SUSE bug 1184391 SUSE bug 1184393 SUSE bug 1184485 SUSE bug 1184509 SUSE bug 1184511 SUSE bug 1184512 SUSE bug 1184514 SUSE bug 1184583 SUSE bug 1184585 SUSE bug 1184647 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-28950 CVE-2021-29154 CVE-2021-30002 CVE-2021-3483 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to version 78.9.1 (MFSA 2021-12,MFSA 2021-13, bsc#1183942, bsc#1184536) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs * CVE-2021-23991: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key * CVE-2021-23992: A crafted OpenPGP key with an invalid user ID could be used to confuse the user * CVE-2021-23993: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key - cleaned up and fixed mozilla.sh.in for wayland (bsc#1177542) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1177542 SUSE bug 1183942 SUSE bug 1184536 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-23991 CVE-2021-23992 CVE-2021-23993 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for irssi fixes the following issues: irssi was updated to 1.2.3 (boo#1184848) - Fix the compilation of utf8proc (#1021) - Fix wrong call to free. By Zero King (#1076) - Fix a colour reset in true colour themes when encountering mIRC colours (#1059) - Fix memory leak on malformed CAP requests (#1120) - Fix an erroneous free of SASL data. Credit to Oss-Fuzz (#1128, #1130) - Re-set the TLS flag when reconnecting (#1027, #1134) - Fix the scrollback getting stuck after /clear (#1115, #1136) - Fix the input of Ctrl+C as the first character (#1153, #1154) - Fix crash on quit during unloading of modules on certain platforms (#1167) - Fix Irssi freezing input after Ctrl+Space on GLib >2.62 (#1180, #1183) - Fix layout of IDCHANs. By Lauri Tirkkonen (#1197) - Fix crash when server got reconnected before it was properly connected (#1210, #1211) - Fix multiple identical active caps (#1249) - Minor help corrections (#1156, #1213, #1214, #1255) - Remove erroneous colour in the colorless theme. Reported and fixed by Nutchanon Wetchasit (#1220, #1221) - Fix invalid bounds calculation when editing the text entry. Found and fixed by Sergey Valentey (#1269) - Fix passing of negative size in buffer writes. Found and fixed by Sergey Valentey (#1270) - Fix Irssi freezing on slow hardware and fast DCC transfers (#159, #1271) - Fix compilation on Solaris (#1291) - Fix null pointer dereference when receiving broken JOIN record. Credit to Oss-Fuzz (#1292) - Fix crash on /connect to some sockets (#1239, #1298) - Fix Irssi rendering on Apple ARM. By Misty De M?o (#1267, #1268, #1290) - Fix crash on /lastlog with broken lines (#1281, #1299) - Fix memory leak when receiving bogus SASL authentication data. Found and fixed by Sergey Valentey (#1293) Moderate SUSE bug 1184848 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-django-registration fixes the following issues: Update to 3.1.2 (boo#1184427, CVE-2021-21416) * Filter sensitive POST parameters in error reports * Fix RemovedInDjango40Warning from Signal arguments Moderate SUSE bug 1184427 CVE-2021-21416 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1050625 SUSE bug 1174016 SUSE bug 1177238 SUSE bug 1177275 SUSE bug 1177427 SUSE bug 1177583 SUSE bug 1178910 SUSE bug 1178966 SUSE bug 1179083 SUSE bug 1179222 SUSE bug 1179415 SUSE bug 1179909 CVE-2017-9271 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: - Opera was updated to version 75.0.3969.171 (boo#1184256) CVE-2021-21194, CVE-2021-21195, CVE-2021-21196, CVE-2021-21197, CVE-2021-21198, CVE-2021-21199, CVE-2021-21191, CVE-2021-21192, CVE-2021-21193 Important SUSE bug 1184256 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for jhead fixes the following issues: - CVE-2021-3496: Fixed heap-based buffer overflow in Get16u() in exif.c (bsc#1184756) Moderate SUSE bug 1184756 CVE-2021-3496 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for shim fixes the following issues: - Updated openSUSE x86 signature - Avoid the error message during linux system boot (boo#1184454) - Prevent the build id being added to the binary. That can cause issues with the signature Update to 15.4 (boo#1182057) + Rename the SBAT variable and fix the self-check of SBAT + sbat: add more dprint() + arm/aa64: Swizzle some sections to make old sbsign happier + arm/aa64 targets: put .rel* and .dyn* in .rodata - Change the SBAT variable name and enhance the handling of SBAT (boo#1182057) Update to 15.3 for SBAT support (boo#1182057) + Drop gnu-efi from BuildRequires since upstream pull it into the - Generate vender-specific SBAT metadata + Add dos2unix to BuildRequires since Makefile requires it for vendor SBAT - Update dbx-cert.tar.xz and vendor-dbx.bin to block the following sign keys: + SLES-UEFI-SIGN-Certificate-2020-07.crt + openSUSE-UEFI-SIGN-Certificate-2020-07.crt - Check CodeSign in the signer's EKU (boo#1177315) - Fixed NULL pointer dereference in AuthenticodeVerify() (boo#1177789, CVE-2019-14584) - All newly released openSUSE kernels enable kernel lockdown and signature verification, so there is no need to add the prompt anymore. - shim-install: Support changing default shim efi binary in /usr/etc/default/shim and /etc/default/shim (boo#1177315) Important SUSE bug 1173411 SUSE bug 1174512 SUSE bug 1175509 SUSE bug 1177315 SUSE bug 1177404 SUSE bug 1177789 SUSE bug 1182057 SUSE bug 1184454 CVE-2019-14584 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for privoxy fixes the following issues: privoxy was updated to 3.0.29: * Fixed memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory. OVE-20201118-0001 * Fixed a memory leak in the show-status CGI handler when no action files are configured OVE-20201118-0002 * Fixed a memory leak in the show-status CGI handler when no filter files are configured OVE-20201118-0003 * Fixes a memory leak when client tags are active OVE-20201118-0004 * Fixed a memory leak if multiple filters are executed and the last one is skipped due to a pcre error OVE-20201118-0005 * Prevent an unlikely dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. OVE-20201118-0006 * Fixed memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail. OVE-20201118-0007 * Fixed memory leaks in the show-status CGI handler when memory allocations fail OVE-20201118-0008 * Add experimental https inspection support * Use JIT compilation for static filtering for speedup * Add support for Brotli decompression, add 'no-brotli-accepted' filter which prevents the use of Brotli compression * Add feature to gather exended statistics * Use IP_FREEBIND socket option to help with failover * Allow to use extended host patterns and vanilla host patterns at the same time by prefixing extended host patterns with 'PCRE-HOST-PATTERN:' * Added 'Cross-origin resource sharing' (CORS) support * Add SOCKS5 username/password support * Bump the maximum number of action and filter files to 100 each * Fixed handling of filters with 'split-large-forms 1' when using the CGI editor. * Better detect a mismatch of connection details when figuring out whether or not a connection can be reused * Don't send a 'Connection failure' message instead of the 'DNS failure' message * Let LOG_LEVEL_REQUEST log all requests * Improvements to default Action file License changed to GPLv3. - remove packaging vulnerability boo#1157449 Moderate SUSE bug 1157449 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-27835: A use after free in the Linux kernel infiniband hfi1 driver was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-28374: In drivers/target/target_core_xcopy.c insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore (bnc#1178372). - CVE-2020-36158: mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c might have allowed remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332 (bnc#1180559). - CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat (bnc#1179960). - CVE-2020-0466: In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180031). - CVE-2020-27068: In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation (bnc#1180086). - CVE-2020-0444: In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180027). - CVE-2020-0465: In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180029). - CVE-2020-29661: A locking issue was discovered in the tty subsystem of the Linux kernel drivers/tty/tty_jobctrl.c allowed a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b (bnc#1179745). - CVE-2020-29660: A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may have allowed a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24 (bnc#1179745). - CVE-2020-27777: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel (bnc#1179107). - CVE-2020-29373: An issue was discovered in fs/io_uring.c in the Linux kernel It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d (bnc#1179434). - CVE-2020-11668: drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandled invalid descriptors, aka CID-a246b4d54770 (bnc#1168952). - CVE-2020-27830: Fixed a NULL-ptr deref bug in spk_ttyio_receive_buf2 (bnc#1179656). - CVE-2020-29370: An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71 (bnc#1179435). - CVE-2020-27786: A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation (bnc#1179601). The following non-security bugs were fixed: - ACPI: APEI: Kick the memory_failure() queue for synchronous errors (jsc#SLE-16610). - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G (git-fixes). - ALSA: core: memalloc: add page alignment for iram (git-fixes). - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - ALSA: hda/conexant: add a new hda codec CX11970 (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes). - ALSA: hda/hdmi: packet buffer index must be set before reading value (git-fixes). - ALSA: hda/proc - print DP-MST connections (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 (git-fixes). - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 (git-fixes). - ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (git-fixes). - ALSA: hda/realtek - Modify Dell platform name (git-fixes). - ALSA: hda/realtek - Supported Dell fixed type headset (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for more HP laptops (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add quirk for MSI-GP73 (git-fixes). - ALSA: hda/realtek: Add two 'Intel Reference board' SSID in the ALC256 (git-fixes). - ALSA: hda/realtek: Apply jack fixup for Quanta NL3 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda/realtek: Enable mute and micmute LED on HP EliteBook 850 G7 (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (git-fixes). - ALSA: hda/realtek: Remove dummy lineout on Acer TravelMate P648/P658 (git-fixes). - ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop (git-fixes). - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: rawmidi: Access runtime->avail always in spinlock (git-fixes). - ALSA: seq: remove useless function (git-fixes). - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices (git-fixes). - ALSA: usb-audio: Add generic implicit fb parsing (bsc#1178203). - ALSA: usb-audio: Add hw constraint for implicit fb sync (bsc#1178203). - ALSA: usb-audio: Add implicit fb support for Steinberg UR22 (git-fixes). - ALSA: usb-audio: Add implicit_fb module option (bsc#1178203). - ALSA: usb-audio: Add quirk for BOSS AD-10 (git-fixes). - ALSA: usb-audio: Add quirk for Pioneer DJ DDJ-SR2 (git-fixes). - ALSA: usb-audio: Add quirk for RC-505 (git-fixes). - ALSA: usb-audio: Add snd_usb_get_endpoint() helper (bsc#1178203). - ALSA: usb-audio: Add snd_usb_get_host_interface() helper (bsc#1178203). - ALSA: usb-audio: Add support for Pioneer DJ DDJ-RR controller (git-fixes). - ALSA: usb-audio: Always set up the parameters after resume (bsc#1178203). - ALSA: usb-audio: Avoid doubly initialization for implicit fb (bsc#1178203). - ALSA: usb-audio: Check implicit feedback EP generically for UAC2 (bsc#1178203). - ALSA: usb-audio: Check valid altsetting at parsing rates for UAC2/3 (bsc#1178203). - ALSA: usb-audio: Constify audioformat pointer references (bsc#1178203). - ALSA: usb-audio: Convert to the common vmalloc memalloc (bsc#1178203). - ALSA: usb-audio: Correct wrongly matching entries with audio class (bsc#1178203). - ALSA: usb-audio: Create endpoint objects at parsing phase (bsc#1178203). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Do not call usb_set_interface() at trigger callback (bsc#1178203). - ALSA: usb-audio: Do not set altsetting before initializing sample rate (bsc#1178203). - ALSA: usb-audio: Drop debug.h (bsc#1178203). - ALSA: usb-audio: Drop keep_interface flag again (bsc#1178203). - ALSA: usb-audio: Drop unneeded snd_usb_substream fields (bsc#1178203). - ALSA: usb-audio: Factor out the implicit feedback quirk code (bsc#1178203). - ALSA: usb-audio: Fix EP matching for continuous rates (bsc#1178203). - ALSA: usb-audio: Fix MOTU M-Series quirks (bsc#1178203). - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks (git-fixes). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix possible stall of implicit fb packet ring-buffer (bsc#1178203). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix quirks for other BOSS devices (bsc#1178203). - ALSA: usb-audio: Handle discrete rates properly in hw constraints (bsc#1178203). - ALSA: usb-audio: Improve some debug prints (bsc#1178203). - ALSA: usb-audio: Move device rename and profile quirks to an internal table (bsc#1178203). - ALSA: usb-audio: Move snd_usb_autoresume() call out of setup_hw_info() (bsc#1178203). - ALSA: usb-audio: Pass snd_usb_audio object to quirk functions (bsc#1178203). - ALSA: usb-audio: Properly match with audio interface class (bsc#1178203). - ALSA: usb-audio: Quirk for BOSS GT-001 (bsc#1178203). - ALSA: usb-audio: Refactor endpoint management (bsc#1178203). - ALSA: usb-audio: Refactoring endpoint URB deactivation (bsc#1178203). - ALSA: usb-audio: Replace slave/master terms (bsc#1178203). - ALSA: usb-audio: Set and clear sync EP link properly (bsc#1178203). - ALSA: usb-audio: Set callbacks via snd_usb_endpoint_set_callback() (bsc#1178203). - ALSA: usb-audio: Show sync endpoint information in proc outputs (bsc#1178203). - ALSA: usb-audio: Simplify hw_params rules (bsc#1178203). - ALSA: usb-audio: Simplify quirk entries with a macro (bsc#1178203). - ALSA: usb-audio: Simplify rate_min/max and rates set up (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_pitch() arguments (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_sample_rate() arguments (bsc#1178203). - ALSA: usb-audio: Stop both endpoints properly at error (bsc#1178203). - ALSA: usb-audio: Support PCM sync_stop (bsc#1178203). - ALSA: usb-audio: Track implicit fb sync endpoint in audioformat list (bsc#1178203). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ALSA: usb-audio: Unify the code for the next packet size calculation (bsc#1178203). - ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG Strix TRX40 mobo (bsc#1178203). - ALSA: usb-audio: Use atomic_t for endpoint use_count (bsc#1178203). - ALSA: usb-audio: Use managed buffer allocation (bsc#1178203). - ALSA: usb-audio: Use unsigned char for iface and altsettings fields (bsc#1178203). - ALSA: usb-audio: workaround for iface reset issue (bsc#1178203). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable quirks (git-fixes). - ASoC: SOF: control: fix size checks for ext_bytes control .get() (git-fixes). - ASoC: amd: change clk_get() to devm_clk_get() and add missed checks (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: meson: fix COMPILE_TEST error (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode (git-fixes). - ASoC: tegra20-spdif: remove 'default m' (git-fixes). - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: fix error return code in wm_adsp_load() (git-fixes). - ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware() (git-fixes). - Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware() (git-fixes). - Bluetooth: hci_h5: close serdev device and free hu in h5_close (git-fixes). - Bluetooth: hci_h5: fix memory leak in h5_close (git-fixes). - Drop a backported uvcvideo patch that caused a regression (bsc#1180117) Also blacklisting the commit - EDAC/amd64: Do not load on family 0x15, model 0x13 (bsc#1179763). - EDAC/amd64: Fix PCI component registration (bsc#1152489). - EDAC/i10nm: Use readl() to access MMIO registers (bsc#1152489). - EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId (bsc#1152489). - HID: Add Logitech Dinovo Edge battery quirk (git-fixes). - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices (git-fixes). - HID: add support for Sega Saturn (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: i2c-hid: add Vero K147 to descriptor override (git-fixes). - HID: ite: Replace ABS_MISC 120/121 events with touchpad on/off keypresses (git-fixes). - HID: logitech-hidpp: Add HIDPP_CONSUMER_VENDOR_KEYS quirk for the Dinovo Edge (git-fixes). - HID: uclogic: Add ID for Trust Flex Design Tablet (git-fixes). - HMAT: Register memory-side cache after parsing (bsc#1178660). - HMAT: Skip publishing target info for nodes with no online memory (bsc#1178660). - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes). - IB/hfi1: Remove kobj from hfi1_devdata (bsc#1179878). - IB/hfi1: Remove module parameter for KDETH qpns (bsc#1179878). - IB/isert: Fix unaligned immediate-data handling (bsc#1152489) - IB/mlx4: Add and improve logging (bsc#1152489) - IB/mlx4: Add support for MRA (bsc#1152489) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1152489) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1152489) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1152489) - IB/rdmavt: Fix sizeof mismatch (bsc#1152489) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1152489) - IB/uverbs: Set IOVA on IB MR in uverbs layer (bsc#1152489) - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). - Input: xpad - support Ardwiino Controllers (git-fixes). - KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page (bsc#1156395). - Move 'btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575).' to sorted section - Move upstreamed USB-audio patches into sorted section - PCI: Fix overflow in command-line resource alignment requests (git-fixes). - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - PCI: brcmstb: Initialize 'tmp' before use (git-fixes). - PCI: iproc: Fix out-of-bound array accesses (git-fixes). - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1152489) - RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1152489) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1152489) - RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued() (bsc#1152489) - RDMA/core: Fix reported speed and width (bsc#1152489) - RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1152489) - RDMA/core: Free DIM memory in error unwind (bsc#1152489) - RDMA/core: Stop DIM before destroying CQ (bsc#1152489) - RDMA/counter: Allow manually bind QPs with different pids to same counter (bsc#1152489) - RDMA/counter: Only bind user QPs in auto mode (bsc#1152489) - RDMA/hns: Add check for the validity of sl configuration (bsc#1152489) - RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1152489) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1152489) - RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1152489) - RDMA/hns: Set the unsupported wr opcode (bsc#1152489) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1152489) - RDMA/mlx5: Disable IB_DEVICE_MEM_MGT_EXTENSIONS if IB_WR_REG_MR can't work (bsc#1152489) - RDMA/netlink: Remove CAP_NET_RAW check when dump a raw QP (bsc#1152489) - RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1152489) - RDMA/qedr: Endianness warnings cleanup (bsc#1152489) - RDMA/qedr: Fix doorbell setting (bsc#1152489) - RDMA/qedr: Fix iWARP active mtu display (bsc#1152489) - RDMA/qedr: Fix inline size returned for iWARP (bsc#1152489) - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1152489) - RDMA/qedr: Fix qp structure memory leak (bsc#1152489) - RDMA/qedr: Fix resource leak in qedr_create_qp (bsc#1152489) - RDMA/qedr: Fix use of uninitialized field (bsc#1152489) - RDMA/qedr: SRQ's bug fixes (bsc#1152489) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1152489) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1152489) - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (bsc#1152489) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1152489) - RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (bsc#1152489) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1152489) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1152489) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1152489) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1152489) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1152489) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1152489) - RDMA/umem: Fix ib_umem_find_best_pgsz() for mappings that cross a page boundary (bsc#1152489) - RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (bsc#1152489) - Re-import the upstream uvcvideo fix; one more fix will be added later (bsc#1180117) - Revert 'ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks' (git-fixes). - Revert 'ceph: allow rename operation under different quota realms' (bsc#1180541). - Revert 'geneve: pull IP header before ECN decapsulation' (git-fixes). - Revert 'i2c: i2c-qcom-geni: Fix DMA transfer race' (git-fixes). - Revert 'platform/x86: wmi: Destroy on cleanup rather than unregister' (git-fixes). - Revert 'powerpc/pseries/hotplug-cpu: Remove double free in error path' (bsc#1065729). - USB: UAS: introduce a quirk to set no_write_same (git-fixes). - USB: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - USB: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - USB: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes). - USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card (git-fixes). - USB: serial: ch341: add new Product ID for CH341A (git-fixes). - USB: serial: ch341: sort device-id entries (git-fixes). - USB: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes). - USB: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - USB: serial: keyspan_pda: fix stalled writes (git-fixes). - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - USB: serial: keyspan_pda: fix write deadlock (git-fixes). - USB: serial: keyspan_pda: fix write unthrottling (git-fixes). - USB: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - USB: serial: kl5kusb105: fix memleak on open (git-fixes). - USB: serial: kl5kusb105: fix memleak on open (git-fixes). - USB: serial: mos7720: fix parallel-port state restore (git-fixes). - USB: serial: option: add Fibocom NL668 variants (git-fixes). - USB: serial: option: add interface-number sanity check to flag handling (git-fixes). - USB: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - USB: serial: option: fix Quectel BG96 matching (git-fixes). - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes). - USB: yurex: fix control-URB timeout handling (git-fixes). - arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (jsc#SLE-16610). - arm64: mm: Fix ARCH_LOW_ADDRESS_LIMIT when !CONFIG_ZONE_DMA (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - batman-adv: Consider fragmentation for needed_headroom (git-fixes). - batman-adv: Do not always reallocate the fragmentation skb head (git-fixes). - batman-adv: Reserve needed_*room for fragments (git-fixes). - bitmap: remove unused function declaration (git-fixes). - blk-mq-blk-mq-provide-forced-completion-method.patch: (bsc#1175995,jsc#SLE-15608,bsc#1178756). - blk-mq: Remove 'running from the wrong CPU' warning (bsc#1174486). - block: return status code in blk_mq_end_request() (bsc#1171000, bsc#1165933). - bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address() (git-fixes). - btrfs: add missing check for nocow and compression inode flags (bsc#1178780). - btrfs: allow btrfs_truncate_block() to fallback to nocow for data space reservation (bsc#1161099). - btrfs: delete duplicated words + other fixes in comments (bsc#1180566). - btrfs: do not commit logs and transactions during link and rename operations (bsc#1180566). - btrfs: do not take the log_mutex of the subvolume when pinning the log (bsc#1180566). - btrfs: fix missing delalloc new bit for new delalloc ranges (bsc#1180773). - btrfs: fix readahead hang and use-after-free after removing a device (bsc#1179963). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: make btrfs_dirty_pages take btrfs_inode (bsc#1180773). - btrfs: make btrfs_set_extent_delalloc take btrfs_inode (bsc#1180773). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575). - bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: c_can: c_can_power_up(): fix error handling (git-fixes). - can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - clk: at91: sam9x60: remove atmel,osc-bypass support (git-fixes). - clk: ingenic: Fix divider calculation with div tables (git-fixes). - clk: mediatek: Make mtk_clk_register_mux() a static function (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: renesas: r9a06g032: Drop __packed for portability (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Do not return 0 on failure (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI (git-fixes). - clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne (git-fixes). - clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() (git-fixes). - clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path (git-fixes). - compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use (bsc#1178203). - coredump: fix core_pattern parse error (git-fixes). - cpufreq: ap806: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: vexpress-spc: Add missing MODULE_ALIAS (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: atmel-i2c - select CONFIG_BITREVERSE (git-fixes). - crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd (git-fixes). - crypto: ecdh - avoid buffer overflow in ecdh_set_secret() (git-fixes). - crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() (git-fixes). - crypto: inside-secure - Fix sizeof() mismatch (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - crypto: sun4i-ss - add the A33 variant of SS (git-fixes). - crypto: talitos - Endianess in current_desc_hdr() (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - dmaengine: at_hdmac: Substitute kzalloc with kmalloc (git-fixes). - dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate() (git-fixes). - dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate() (git-fixes). - dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk() (git-fixes). - dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the error handling path of the probe function (git-fixes). - dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() (git-fixes). - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes). - dmaengine: xilinx_dma: fix incompatible param warning in _child_probe() (git-fixes). - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - drm/amd/display: Fix wrong return value in dm_update_plane_state() (bsc#1152489) - drm/amdgpu: pass NULL pointer instead of 0 (bsc#1152489) Backporting changes: * context fixes - drm/crc-debugfs: Fix memleak in crc_control_write (bsc#1152472) - drm/gma500: fix error check (bsc#1152472) Backporting changes: * context fixes - drm/i915/gem: Avoid implicit vmap for highmem on x86-32 (bsc#1152489) Backporting changes: * context fixes - drm/i915: Fix sha_text population code (bsc#1152489) Backporting changes: * context fixes * adapted I/O functions to old driver - drm/imx: tve remove extraneous type qualifier (bsc#1152489) - drm/mediatek: Add exception handing in mtk_drm_probe() if component (bsc#1152472) - drm/mediatek: Add missing put_device() call in (bsc#1152472) - drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152472) Backporting changes: * context fixes * adapted to function layout - drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1152489) - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (bsc#1152489) Backporting changes: * context fixes - drm/panfrost: Ensure GPU quirks are always initialised (bsc#1152489) - drm/panfrost: increase readl_relaxed_poll_timeout values (bsc#1152472) Backporting changes: * context fixes - drm/radeon: Prefer lower feedback dividers (bsc#1152489) - drm/sun4i: sun8i-csc: Secondary CSC register correction (bsc#1152489) - drm/vc4/vc4_hdmi: fill ASoC card owner (bsc#1152489) - drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1152472) Backporting changes: * context fixes - drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1152489) Backporting changes: * context fixes - drm/vkms: fix xrgb on compute crc (bsc#1152472) Backporting changes: * changed filename from vkms_composer.c to vkms_crc.c * context fixes - drm: mxsfb: Remove fbdev leftovers (bsc#1152472) Backporting changes: * context fixes - drm: mxsfb: check framebuffer pitch (bsc#1152472) Backporting changes: * context fixes - drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1152489) - drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1152472) Backporting changes: * context fixes - drm: rcar-du: Put reference to VSP device (bsc#1152489) - epoll: Keep a reference on files added to the check list (bsc#1180031). - ethtool: fix error handling in ethtool_phys_id (git-fixes). - ext4: correctly report 'not supported' for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716). - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670). - ext4: limit entries returned when counting fsmap records (bsc#1179671). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673). - extcon: max77693: Fix modalias string (git-fixes). - fail_function: Remove a redundant mutex unlock (bsc#1149032). - fbcon: Remove the superfluous break (bsc#1152472) - firmware: arm_sdei: Document the motivation behind these set_fs() calls (jsc#SLE-16610). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - fs/minix: check return value of sb_getblk() (bsc#1179676). - fs/minix: do not allow getting deleted inodes (bsc#1179677). - fs/minix: fix block limit check for V1 filesystems (bsc#1179680). - fs/minix: reject too-large maximum file size (bsc#1179678). - fs/minix: remove expected error message in block_to_path() (bsc#1179681). - fs/minix: set s_maxbytes correctly (bsc#1179679). - fs/ufs: avoid potential u32 multiplication overflow (bsc#1179682). - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711). - ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes). - geneve: pull IP header before ECN decapsulation (git-fixes). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - genirq/matrix: Deal with the sillyness of for_each_cpu() on UP (bsc#1156315). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - gpio: mvebu: update Armada XP per-CPU comment (git-fixes). - i2c: i801: Fix the i2c-mux gpiod_lookup_table not being properly terminated (git-fixes). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes). - i2c: sprd: use a specific timeout to avoid system hang up issue (git-fixes). - i3c master: fix missing destroy_workqueue() on error in i3c_master_register (git-fixes). - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio: buffer: Fix demux update (git-fixes). - iio:adc:ti-ads124s08: Fix alignment and data leak issues (git-fixes). - iio:adc:ti-ads124s08: Fix buffer being too long (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iio:light:rpr0521: Fix timestamp alignment and prevent data leak (git-fixes). - iio:light:st_uvis25: Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:mag3110: Fix alignment and data leak issues (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - iomap: Clear page error before beginning a write (bsc#1179683). - iomap: Mark read blocks uptodate in write_begin (bsc#1179684). - iomap: Set all uptodate bits for an Uptodate page (bsc#1179685). - iommu-amd-Increase-interrupt-remapping-table-limit-t.patch: (bsc#1179652). - iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (bsc#1179652). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: hook up missing RX handlers (git-fixes). - iwlwifi: pcie: add one missing entry for AX210 (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - jbd2: fix up sparse warnings in checkpoint code (bsc#1179707). - kABI workaround for HD-audio generic parser (git-fixes). - kABI workaround for USB audio driver (bsc#1178203). - kABI: genirq: add back irq_create_mapping (bsc#1065729). - kdb: Fix pager search for multi-line strings (git-fixes). - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - kgdb: Drop malformed kernel doc comment (git-fixes). - lan743x: fix for potential NULL pointer dereference with bare card (git-fixes). - lib/string: remove unnecessary #undefs (git-fixes). - libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1149032). - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - media: gp8psk: initialize stats at power control logic (git-fixes). - media: gspca: Fix memory leak in probe (git-fixes). - media: imx214: Fix stop streaming (git-fixes). - media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE (git-fixes). - media: ipu3-cio2: Remove traces of returned buffers (git-fixes). - media: ipu3-cio2: Return actual subdev format (git-fixes). - media: ipu3-cio2: Serialise access to pad format (git-fixes). - media: ipu3-cio2: Validate mbus format in setting subdev format (git-fixes). - media: max2175: fix max2175_set_csm_mode() error code (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_dec_pm() (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_enc_pm() (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: tm6000: Fix sizeof() mismatches (git-fixes). - media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values (bsc#1180117). - memstick: fix a double-free bug in memstick_check (git-fixes). - memstick: r592: Fix error return in r592_probe() (git-fixes). - mfd: rt5033: Fix errorneous defines (git-fixes). - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes). - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258). - mm/error_inject: Fix allow_error_inject function signatures (bsc#1179710). - mm/memory-failure: Add memory_failure_queue_kick() (jsc#SLE-16610). - mm/memory_hotplug: shrink zones when offlining memory (bsc#1177679). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). - mm: memcg: fix memcg reclaim soft lockup (VM Functionality, bsc#1180056). - mmc: block: Fixup condition for CMD13 polling for RPMB requests (git-fixes). - mmc: pxamci: Fix error return code in pxamci_probe (git-fixes). - mtd: rawnand: gpmi: Fix the random DMA timeout issue (git-fixes). - mtd: rawnand: gpmi: fix reference count leak in gpmi ops (git-fixes). - mtd: rawnand: meson: Fix a resource leak in init (git-fixes). - mtd: rawnand: meson: fix meson_nfc_dma_buffer_release() arguments (git-fixes). - mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read (git-fixes). - mtd: spinand: Fix OOB read (git-fixes). - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes). - net/x25: prevent a couple of overflows (bsc#1178590). - net: sctp: Rename fallthrough label to unhandled (bsc#1178203). - nfc: s3fwrn5: Release the nfc firmware (git-fixes). - nvme-fabrics: allow to queue requests for live queues (git-fixes). - nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#1179519). - nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context (bsc#1177326). - nvme-fc: cancel async events before freeing event struct (git-fixes). - nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#1177326). - nvme-fc: fix error loop in create_hw_io_queues (git-fixes). - nvme-fc: fix io timeout to abort I/O (bsc#1177326). - nvme-fc: remove err_work work item (bsc#1177326). - nvme-fc: remove nvme_fc_terminate_io() (bsc#1177326). - nvme-fc: shorten reconnect delay if possible for FC (git-fixes). - nvme-fc: track error_recovery while connecting (bsc#1177326). - nvme-fc: wait for queues to freeze before calling (git-fixes). - nvme-force-complete-cancelled-requests.patch: (bsc#1175995,bsc#1178756,jsc#SLE-15608). Without this we can end up with a series of nvme QID timeouts, regardless of filesystem when fstests is used or any error injection mechanism is used. Without this fix, we end up with 9 failures on xfs, but due to its generic nature, will likely end up with other failures on other filesystems. This does not allow a clean slate reliable fstests run. This fixes that issue. Through code inspection I found these changes were already present on SLE15-SP3 but not on SLE15-SP2. - nvme-multipath: fix bogus request queue reference put (bsc#1175389). - nvme-multipath: fix deadlock between ana_work and scan_work (git-fixes). - nvme-multipath: fix deadlock due to head->lock (git-fixes). - nvme-pci: properly print controller address (git-fixes). - nvme-rdma: avoid race between time out and tear down (bsc#1179519). - nvme-rdma: avoid repeated request completion (bsc#1179519). - nvme-rdma: cancel async events before freeing event struct (git-fixes). - nvme-rdma: fix controller reset hang during traffic (bsc#1179519). - nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1179519). - nvme-rdma: fix timeout handler (bsc#1179519). - nvme-rdma: handle unexpected nvme completion data length (bsc#1178612). - nvme-rdma: serialize controller teardown sequences (bsc#1179519). - nvme-tcp: avoid race between time out and tear down (bsc#1179519). - nvme-tcp: avoid repeated request completion (bsc#1179519). - nvme-tcp: avoid scheduling io_work if we are already polling (bsc#1179519). - nvme-tcp: break from io_work loop if recv failed (bsc#1179519). - nvme-tcp: cancel async events before freeing event struct (git-fixes). - nvme-tcp: do not poll a non-live queue (bsc#1179519). - nvme-tcp: fix controller reset hang during traffic (bsc#1179519). - nvme-tcp: fix possible crash in recv error flow (bsc#1179519). - nvme-tcp: fix possible leakage during error flow (git-fixes). - nvme-tcp: fix reset hang if controller died in the middle of a reset (bsc#1179519). - nvme-tcp: fix timeout handler (bsc#1179519). - nvme-tcp: have queue prod/cons send list become a llist (bsc#1179519). - nvme-tcp: leverage request plugging (bsc#1179519). - nvme-tcp: move send failure to nvme_tcp_try_send (bsc#1179519). - nvme-tcp: optimize network stack with setting msg flags (bsc#1179519). - nvme-tcp: optimize queue io_cpu assignment for multiple queue (git-fixes). - nvme-tcp: serialize controller teardown sequences (bsc#1179519). - nvme-tcp: set MSG_SENDPAGE_NOTLAST with MSG_MORE when we have (bsc#1179519). - nvme-tcp: try to send request in queue_rq context (bsc#1179519). - nvme-tcp: use bh_lock in data_ready (bsc#1179519). - nvme: Revert: Fix controller creation races with teardown (git-fixes). - nvme: do not protect ns mutation with ns->head->lock (git-fixes). - nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1179519). - nvme: introduce nvme_sync_io_queues (bsc#1179519). - nvmet-fc: fix missing check for no hostport struct (bsc#1176942). - nvmet-tcp: fix maxh2cdata icresp parameter (bsc#1179892). - ocfs2: fix unbalanced locking (bsc#1180506). - orinoco: Move context allocation after processing the skb (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - platform/chrome: cros_ec_spi: Do not overwrite spi::mode (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 (git-fixes). - platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - platform/x86: mlx-platform: remove an unused variable (git-fixes). - platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (git-fixes). - platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (git-fixes). - power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching (git-fixes). - power: supply: bq24190_charger: fix reference leak (git-fixes). - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). - powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (jsc#SLE-9246 git-fixes). - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix allnoconfig build since uaccess flush (bsc#1177666 git-fixes). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/bitops: Fix possible undefined behaviour with fls() and fls64() (bsc#1156395). - powerpc/eeh_cache: Fix a possible debugfs deadlock (bsc#1156395). - powerpc/numa: Fix a regression on memoryless node 0 (bsc#1179639 ltc#189002). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313). - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - powerpc: Avoid broken GCC __attribute__((optimize)) (bsc#1156395). - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - pwm: zx: Add missing cleanup in error path (git-fixes). - qede: Notify qedr when mtu has changed (bsc#1152489) - qtnfmac: fix error return code in qtnf_pcie_probe() (git-fixes). - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - r8169: work around power-saving bug on some chip versions (git-fixes). - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - regmap: debugfs: Fix a memory leak when calling regmap_attach_dev (git-fixes). - regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() (git-fixes). - regulator: axp20x: Fix DLDO2 voltage control register mask for AXP22x (git-fixes). - regulator: mcp16502: add linear_min_sel (git-fixes). - reiserfs: Fix oops during mount (bsc#1179715). - reiserfs: Initialize inode keys properly (bsc#1179713). - remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable (git-fixes). - remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() (git-fixes). - remoteproc: qcom: fix reference leak in adsp_start (git-fixes). - rsi: fix error return code in rsi_reset_card() (git-fixes). - rtc: ep93xx: Fix NULL pointer dereference in ep93xx_rtc_read_time (git-fixes). - rtc: hym8563: enable wakeup when applicable (git-fixes). - rtc: pl031: fix resource leak in pl031_probe (git-fixes). - rtc: sun6i: Fix memleak in sun6i_rtc_clk_init (git-fixes). - rtw88: debug: Fix uninitialized memory in debugfs code (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: delay draining the TX buffers (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: make af_iucv TX notification call more robust (bsc#1179604 LTC#190151). - s390: add 3f program exception handler (git-fixes). - samples/bpf: Remove unused test_ipip.sh (bsc#1155518). - samples: bpf: Refactor test_cgrp2_sock2 program with libbpf (bsc#1155518). - sched/fair: Check for idle core in wake_affine (git fixes (sched)). - sched/fair: Fix overutilized update in enqueue_task_fair() (git-fixes) - sched/fair: Fix race between runtime distribution and (git-fixes) - sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes) - sched/fair: Refill bandwidth before scaling (git-fixes) - sched: correct SD_flags returned by tl->sd_flags() (git-fixes) - scsi: Remove unneeded break statements (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049). - scsi: core: Return BLK_STS_AGAIN for ALUA transitioning (bsc#1165933, bsc#1171000). - scsi: fnic: Avoid looping in TRANS ETH on unload (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_FCS_DBG() (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_MAIN_DBG() (bsc#1175079). - scsi: fnic: Set scsi_set_resid() only for underflow (bsc#1175079). - scsi: fnic: Validate io_req before others (bsc#1175079). - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Reject CT request for MIB commands (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove set but not used 'qp' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Use generic power management (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_bsg: Provide correct documentation for a bunch of functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Fix some kernel-doc related issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Remove unused variable 'phba' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvmet: Fix-up some formatting and doc-rot issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: mpt3sas: A small correction in _base_process_reply_queue (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add bypass_dirty_port_flag parameter (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add module parameter multipath_on_hba (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Allocate memory for hba_port objects (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Bump driver version to 35.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Cancel the running work during host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Capture IOC data for debugging purposes (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Define hba_port structure (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Detect tampered Aero and Sea adapters (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Disable DIF when prot_mask set to zero (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not change the DMA coherent mask after allocations (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Dump system registers for debugging (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix double free warnings (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix error returns in BRM_status_show (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix memset() in non-RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix reply queue count in non RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix set but unused variable (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix sync irqs (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix unlock imbalance (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get device objects using sas_address & portID (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get sas_device objects using device's rphy (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle vSES vphy object during HBA reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handling HBA vSES device (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Postprocessing of target and LUN reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove NULL check before freeing function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove pci-dma-compat wrapper API (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove superfluous memset() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename and export interrupt mask/unmask functions (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename function name is_MSB_are_same (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Separate out RDPQ allocation to new function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update driver version to 35.100.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port objects after host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port's sas_address & phy_mask (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: use true,false for bool variables (jsc#SLE-16914, bsc#1177733). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not consume srb greedily (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688 bsc#1172733). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1171688 bsc#1172733). Replace patches.suse/qla2xxx-return-ebusy-on-fcport-deletion.patch with upstream version. - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Use constant when it is known (bsc#1171688 bsc#1172733). Refresh: - patches.suse/qla2xxx-return-ebusy-on-fcport-deletion.patch - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1171688 bsc#1172733). - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1171688 bsc#1172733). - scsi_dh_alua: return BLK_STS_AGAIN for ALUA transitioning state (bsc#1165933, bsc#1171000). - scsi_dh_alua: set 'transitioning' state on unit attention (bsc#1171000, bsc#1165933). - selftest/bpf: Add missed ip6ip6 test back (bsc#1155518). - selftests/bpf/test_offload.py: Reset ethtool features after failed setting (bsc#1155518). - selftests/bpf: Fix invalid use of strncat in test_sockmap (bsc#1155518). - selftests/bpf: Print reason when a tester could not run a program (bsc#1155518). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: amlogic: canvas: add missing put_device() call in meson_canvas_get() (git-fixes). - soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: geni: More properly switch to DMA mode (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains() (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - speakup: fix uninitialized flush_lock (git-fixes). - spi: atmel-quadspi: Disable clock in probe error path (git-fixes). - spi: atmel-quadspi: Fix AHB memory accesses (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: fix resource leak for drivers without .remove callback (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: mt7621: Disable clock in probe error path (git-fixes). - spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe (git-fixes). - spi: mxs: fix reference leak in mxs_spi_probe (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: sprd: fix reference leak in sprd_spi_remove (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: stm32: FIFO threshold level - fix align packet size (git-fixes). - spi: stm32: fix reference leak in stm32_spi_resume (git-fixes). - spi: synquacer: Disable clock in probe error path (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: mt7621-dma: Fix a resource leak in an error handling path (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - swiotlb: fix 'x86: Do not panic if can not alloc buffer for swiotlb' (git-fixes). - swiotlb: using SIZE_MAX needs limits.h included (git-fixes). - thunderbolt: Fix use-after-free in remove_unplugged_switch() (git-fixes). - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - tty: Fix ->session locking (bsc#1179745). - ubifs: Do not parse authentication mount options in remount process (bsc#1179688). - ubifs: Fix a memleak after dumping authentication mount options (bsc#1179687). - ubifs: Fix wrong orphan node deletion in ubifs_jnl_update|rename (bsc#1179675). - ubifs: dent: Fix some potential memory leaks while iterating entries (bsc#1179703). - ubifs: journal: Make sure to not dirty twice for auth nodes (bsc#1179704). - ubifs: mount_ubifs: Release authentication resource in error handling path (bsc#1179689). - ubifs: xattr: Fix some potential memory leaks while iterating entries (bsc#1179690). - udf: Fix memory leak when mounting (bsc#1179712). - usb/max3421: fix return error code in max3421_probe() (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes). - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes). - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes). - usb: gadget: select CONFIG_CRC32 (git-fixes). - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: mtu3: fix memory corruption in mtu3_debugfs_regset() (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: usbip: vhci_hcd: protect shift size (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - video: fbdev: radeon: Fix memleak in radeonfb_pci_register (bsc#1152472) - video: fbdev: sis: fix null ptr dereference (bsc#1152472) - wan: ds26522: select CONFIG_BITREVERSE (git-fixes). - watchdog: Fix potential dereferencing of null pointer (git-fixes). - watchdog: armada_37xx: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: sprd: change to use usleep_range() instead of busy loop (git-fixes). - watchdog: sprd: check busy bit before new loading rather than after that (git-fixes). - watchdog: sprd: remove watchdog disable from resume fail path (git-fixes). - wil6210: select CONFIG_CRC32 (git-fixes). - wimax: fix duplicate initializer warning (git-fixes). - x86/CPU/AMD: Remove amd_get_nb_id() (bsc#1152489). - x86/CPU/AMD: Save AMD NodeId as cpu_die_id (bsc#1152489). - x86/apic/vector: Fix ordering in vector assignment (bsc#1156315). - x86/ima: use correct identifier for SetupMode variable (bsc#1152489). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1152489). - x86/mce: Do not overwrite no_way_out if mce_end() fails (bsc#1152489). - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1152489). - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1152489). - x86/mm/numa: Remove uninitialized_var() usage (bsc#1152489). - x86/mm: Fix leak of pmd ptlock (bsc#1152489). - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1152489). - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1152489). - x86/resctrl: Do not move a task to the same resource group (bsc#1152489). - x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1152489). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1152489). - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1152489). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1152489). - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1152489). - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1152489). - x86/topology: Set cpu_die_id only if DIE_TYPE found (bsc#1152489). - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1152489). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes). Important SUSE bug 1040855 SUSE bug 1044120 SUSE bug 1044767 SUSE bug 1055117 SUSE bug 1065729 SUSE bug 1094840 SUSE bug 1109695 SUSE bug 1115431 SUSE bug 1138374 SUSE bug 1139944 SUSE bug 1149032 SUSE bug 1152457 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1155518 SUSE bug 1156315 SUSE bug 1156395 SUSE bug 1158775 SUSE bug 1161099 SUSE bug 1163727 SUSE bug 1165933 SUSE bug 1168952 SUSE bug 1171000 SUSE bug 1171078 SUSE bug 1171688 SUSE bug 1172145 SUSE bug 1172733 SUSE bug 1174486 SUSE bug 1175079 SUSE bug 1175389 SUSE bug 1175480 SUSE bug 1175995 SUSE bug 1176396 SUSE bug 1176846 SUSE bug 1176942 SUSE bug 1176956 SUSE bug 1177326 SUSE bug 1177500 SUSE bug 1177666 SUSE bug 1177679 SUSE bug 1177733 SUSE bug 1178049 SUSE bug 1178203 SUSE bug 1178270 SUSE bug 1178372 SUSE bug 1178590 SUSE bug 1178612 SUSE bug 1178634 SUSE bug 1178660 SUSE bug 1178756 SUSE bug 1178780 SUSE bug 1179107 SUSE bug 1179204 SUSE bug 1179419 SUSE bug 1179434 SUSE bug 1179435 SUSE bug 1179519 SUSE bug 1179575 SUSE bug 1179578 SUSE bug 1179601 SUSE bug 1179604 SUSE bug 1179639 SUSE bug 1179652 SUSE bug 1179656 SUSE bug 1179670 SUSE bug 1179671 SUSE bug 1179672 SUSE bug 1179673 SUSE bug 1179675 SUSE bug 1179676 SUSE bug 1179677 SUSE bug 1179678 SUSE bug 1179679 SUSE bug 1179680 SUSE bug 1179681 SUSE bug 1179682 SUSE bug 1179683 SUSE bug 1179684 SUSE bug 1179685 SUSE bug 1179687 SUSE bug 1179688 SUSE bug 1179689 SUSE bug 1179690 SUSE bug 1179703 SUSE bug 1179704 SUSE bug 1179707 SUSE bug 1179709 SUSE bug 1179710 SUSE bug 1179711 SUSE bug 1179712 SUSE bug 1179713 SUSE bug 1179714 SUSE bug 1179715 SUSE bug 1179716 SUSE bug 1179745 SUSE bug 1179763 SUSE bug 1179878 SUSE bug 1179888 SUSE bug 1179892 SUSE bug 1179896 SUSE bug 1179960 SUSE bug 1179963 SUSE bug 1180027 SUSE bug 1180029 SUSE bug 1180031 SUSE bug 1180052 SUSE bug 1180056 SUSE bug 1180086 SUSE bug 1180117 SUSE bug 1180258 SUSE bug 1180261 SUSE bug 1180506 SUSE bug 1180541 SUSE bug 1180559 SUSE bug 1180566 SUSE bug 1180773 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-25639 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27830 CVE-2020-27835 CVE-2020-28374 CVE-2020-29370 CVE-2020-29373 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for qemu fixes the following issues: - CVE-2020-12829: Fix OOB access in sm501 device emulation (bsc#1172385) - CVE-2020-25723: Fix use-after-free in usb xhci packet handling (bsc#1178934) - CVE-2020-25084: Fix use-after-free in usb ehci packet handling (bsc#1176673) - CVE-2020-25625: Fix infinite loop (DoS) in usb hcd-ohci emulation (bsc#1176684) - CVE-2020-25624: Fix OOB access in usb hcd-ohci emulation (bsc#1176682) - CVE-2020-27617: Fix guest triggerable assert in shared network handling code (bsc#1178174) - CVE-2020-28916: Fix infinite loop (DoS) in e1000e device emulation (bsc#1179468) - CVE-2020-29443: Fix OOB access in atapi emulation (bsc#1181108) - CVE-2020-27821: Fix heap overflow in MSIx emulation (bsc#1179686) - CVE-2020-15469: Fix null pointer deref. (DoS) in mmio ops (bsc#1173612) - CVE-2021-20257: Fix infinite loop (DoS) in e1000 device emulation (bsc#1182577) - CVE-2021-3416: Fix OOB access (stack overflow) in rtl8139 NIC emulation (bsc#1182968) - CVE-2021-3416: Fix OOB access (stack overflow) in other NIC emulations (bsc#1182968) - CVE-2020-27616: Fix OOB access in ati-vga emulation (bsc#1178400) - CVE-2020-29129: Fix OOB access in SLIRP ARP/NCSI packet processing (bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Add split-provides through forsplits/13 to cover updates of SLE15-SP2 to SLE15-SP3, and openSUSE equivalents (bsc#1184064) - Added a few more usability improvements for our git packaging workflow This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1172385 SUSE bug 1173612 SUSE bug 1176673 SUSE bug 1176682 SUSE bug 1176684 SUSE bug 1178174 SUSE bug 1178400 SUSE bug 1178934 SUSE bug 1179466 SUSE bug 1179467 SUSE bug 1179468 SUSE bug 1179686 SUSE bug 1181108 SUSE bug 1182425 SUSE bug 1182577 SUSE bug 1182968 SUSE bug 1184064 CVE-2020-12829 CVE-2020-15469 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27616 CVE-2020-27617 CVE-2020-27821 CVE-2020-28916 CVE-2020-29129 CVE-2020-29130 CVE-2020-29443 CVE-2021-20257 CVE-2021-3416 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs-underscore fixes the following issues: Update version to 1.13.1 * Fix security issue (boo#1184800, CVE-2021-23358) * Fix bugs * Many new features Important SUSE bug 1184800 CVE-2021-23358 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1183936 CVE-2021-3156 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for apache-commons-io fixes the following issues: - CVE-2021-29425: Limited path traversal when invoking the method FileNameUtils.normalize with an improper input string (bsc#1184755) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1184755 CVE-2021-29425 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ImageMagick fixes the following issues: - CVE-2021-20309: Division by zero in WaveImage() of MagickCore/visual-effects. (bsc#1184624) - CVE-2021-20311: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c (bsc#1184626) - CVE-2021-20312: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c (bsc#1184627) - CVE-2021-20313: Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c (bsc#1184628) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1184624 SUSE bug 1184626 SUSE bug 1184627 SUSE bug 1184628 CVE-2021-20309 CVE-2021-20311 CVE-2021-20312 CVE-2021-20313 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ruby2.5 fixes the following issues: - Update to 2.5.9 - CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1184644 CVE-2021-28965 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nim fixes the following issues: num was updated to version 1.2.12: * Fixed GC crash resulting from inlining of the memory allocation procs * Fixed “incorrect raises effect for $(NimNode)” (#17454) From version 1.2.10: * Fixed “JS backend doesn’t handle float->int type conversion “ (#8404) * Fixed “The “try except” not work when the “OSError: Too many open files” error occurs!” (#15925) * Fixed “Nim emits #line 0 C preprocessor directives with –debugger:native, with ICE in gcc-10” (#15942) * Fixed “tfuturevar fails when activated” (#9695) * Fixed “nre.escapeRe is not gcsafe” (#16103) * Fixed ““Error: internal error: genRecordFieldAux” - in the “version-1-4” branch” (#16069) * Fixed “-d:fulldebug switch does not compile with gc:arc” (#16214) * Fixed “osLastError may randomly raise defect and crash” (#16359) * Fixed “generic importc proc’s don’t work (breaking lots of vmops procs for js)” (#16428) * Fixed “Concept: codegen ignores parameter passing” (#16897) * Fixed “{.push exportc.} interacts with anonymous functions” (#16967) * Fixed “memory allocation during {.global.} init breaks GC” (#17085) * Fixed 'Nimble arbitrary code execution for specially crafted package metadata' + https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p + (boo#1185083, CVE-2021-21372) * Fixed 'Nimble falls back to insecure http url when fetching packages' + https://github.com/nim-lang/security/security/advisories/GHSA-8w52-r35x-rgp8 + (boo#1185084, CVE-2021-21373) * Fixed 'Nimble fails to validate certificates due to insecure httpClient defaults' + https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx + (boo#1185085, CVE-2021-21374) from version 1.2.8 * Fixed “Defer and –gc:arc” (#15071) * Fixed “Issue with –gc:arc at compile time” (#15129) * Fixed “Nil check on each field fails in generic function” (#15101) * Fixed “[strscans] scanf doesn’t match a single character with $+ if it’s the end of the string” (#15064) * Fixed “Crash and incorrect return values when using readPasswordFromStdin on Windows.” (#15207) * Fixed “Inconsistent unsigned -> signed RangeDefect usage across integer sizes” (#15210) * Fixed “toHex results in RangeDefect exception when used with large uint64” (#15257) * Fixed “Mixing ‘return’ with expressions is allowed in 1.2” (#15280) * Fixed “proc execCmdEx doesn’t work with -d:useWinAnsi” (#14203) * Fixed “memory corruption in tmarshall.nim” (#9754) * Fixed “Wrong number of variables” (#15360) * Fixed “defer doesnt work with block, break and await” (#15243) * Fixed “Sizeof of case object is incorrect. Showstopper” (#15516) * Fixed “Mixing ‘return’ with expressions is allowed in 1.2” (#15280) * Fixed “regression(1.0.2 => 1.0.4) VM register messed up depending on unrelated context” (#15704) from version 1.2.6 * Fixed “The pegs module doesn’t work with generics!” (#14718) * Fixed “[goto exceptions] {.noReturn.} pragma is not detected in a case expression” (#14458) * Fixed “[exceptions:goto] C compiler error with dynlib pragma calling a proc” (#14240) * Fixed “Nim source archive install: ‘install.sh’ fails with error: cp: cannot stat ‘bin/nim-gdb’: No such file or directory” (#14748) * Fixed “Stropped identifiers don’t work as field names in tuple literals” (#14911) * Fixed “uri.decodeUrl crashes on incorrectly formatted input” (#14082) * Fixed “odbcsql module has some wrong integer types” (#9771) * Fixed “[ARC] Compiler crash declaring a finalizer proc directly in ‘new’” (#15044) * Fixed “code with named arguments in proc of winim/com can not been compiled” (#15056) * Fixed “javascript backend produces javascript code with syntax error in object syntax” (#14534) * Fixed “[ARC] SIGSEGV when calling a closure as a tuple field in a seq” (#15038) * Fixed “Compiler crashes when using string as object variant selector with else branch” (#14189) * Fixed “Constructing a uint64 range on a 32-bit machine leads to incorrect codegen” (#14616) Update to version 1.2.2: * See https://nim-lang.org/blog.html for details Update to version 1.0.2: * See https://nim-lang.org/blog.html for details Moderate SUSE bug 1185083 SUSE bug 1185084 SUSE bug 1185085 CVE-2021-21372 CVE-2021-21373 CVE-2021-21374 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libdwarf fixes the following issues: - Hardening: Link /usr/bin/dwarfdump as PIE (bsc#1185057). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1185057 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1184960 CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: - Chromium was updated to 90.0.4430.93 (boo#1184764,boo#1185047,boo#1185398) * CVE-2021-21227: Insufficient data validation in V8. * CVE-2021-21232: Use after free in Dev Tools. * CVE-2021-21233: Heap buffer overflow in ANGLE. * CVE-2021-21228: Insufficient policy enforcement in extensions. * CVE-2021-21229: Incorrect security UI in downloads. * CVE-2021-21230: Type Confusion in V8. * CVE-2021-21231: Insufficient data validation in V8. * CVE-2021-21222: Heap buffer overflow in V8 * CVE-2021-21223: Integer overflow in Mojo * CVE-2021-21224: Type Confusion in V8 * CVE-2021-21225: Out of bounds memory access in V8 * CVE-2021-21226: Use after free in navigation * CVE-2021-21201: Use after free in permissions * CVE-2021-21202: Use after free in extensions * CVE-2021-21203: Use after free in Blink * CVE-2021-21204: Use after free in Blink * CVE-2021-21205: Insufficient policy enforcement in navigation * CVE-2021-21221: Insufficient validation of untrusted input in Mojo * CVE-2021-21207: Use after free in IndexedDB * CVE-2021-21208: Insufficient data validation in QR scanner * CVE-2021-21209: Inappropriate implementation in storage * CVE-2021-21210: Inappropriate implementation in Network * CVE-2021-21211: Inappropriate implementation in Navigatio * CVE-2021-21212: Incorrect security UI in Network Config UI * CVE-2021-21213: Use after free in WebMIDI Critical SUSE bug 11845047 SUSE bug 1184764 SUSE bug 1185398 CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204 CVE-2021-21205 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21221 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226 CVE-2021-21227 CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231 CVE-2021-21232 CVE-2021-21233 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for virtualbox fixes the following issues: - Version bump to 6.1.20 (released April 20 2021 by Oracle) Fixes boo#1183329 'virtualbox 6.1.18 crashes when it runs nested VM' Fixes boo#1183125 'Leap 15.3 installation in Virtualbox without VBox integration' Fixes CVE-2021-2264 and boo#1184542. The directory for the <user>.start files for autostarting VMs is moved from /etc/vbox to /etc/vbox/autostart.d. In addition, the autostart service is hardened (by Oracle). - change the modalias for guest-tools and guest-x11 to get them to autoinstall. - Own %{_sysconfdir}/X11/xinit/xinitrc.d as default packages (eg systemd) no longer do so, breaking package build. - Update fixes_for_leap15.3 for kernel API changes between 5.3.18-45 and 5.3.18-47. - update-extpack.sh: explicitly use https:// protocol for authenticity. The http:// URL is currently redirected to https:// but don't rely on this. - Add code to generate guest modules for Leap 15.2 and Leap 15.3. The kernel versions do not allow window resizing. Files 'virtualbox-kmp-files-leap' and 'vboxguestconfig.sh' are added - Fixes CVE-2021-2074, boo#1181197 and CVE-2021-2129, boo#1181198. - Under some circumstances, shared folders are mounted as root. Important SUSE bug 1181197 SUSE bug 1181198 SUSE bug 1183125 SUSE bug 1183329 SUSE bug 1184542 CVE-2021-2074 CVE-2021-2129 CVE-2021-2264 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gsoap fixes the following issues: - CVE-2020-13576: Fixed a remote code execution via specially crafted SOAP request inside the WS-Addressing plugin (boo#1182098) Important SUSE bug 1182098 CVE-2020-13576 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for librsvg fixes the following issues: - librsvg was updated to 2.46.5: * Update dependent crates that had security vulnerabilities: smallvec to 0.6.14 - RUSTSEC-2018-0003 - CVE-2021-25900 (bsc#1183403) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1183403 CVE-2021-25900 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1184401 CVE-2021-20305 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156). - s3-libads: use dns name to open a ldap session (bsc#1184310). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1178469 SUSE bug 1179156 SUSE bug 1183572 SUSE bug 1183574 SUSE bug 1184310 SUSE bug 1184677 CVE-2020-27840 CVE-2021-20254 CVE-2021-20277 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.0 (bsc#1184155): * Fix the authentication request port when URL omits the port. * Fix iframe scrolling when main frame is scrolled in async * scrolling mode. * Stop using g_memdup. * Show a warning message when overriding signal handler for * threading suspension. * Fix the build on RISC-V with GCC 11. * Fix several crashes and rendering issues. * Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871 - Update in version 2.30.6 (bsc#1184262): * Update user agent quirks again for Google Docs and Google Drive. * Fix several crashes and rendering issues. * Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765 CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870. - Update _constraints for armv6/armv7 (bsc#1182719) - restore NPAPI plugin support which was removed in 2.32.0 This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1182719 SUSE bug 1184155 SUSE bug 1184262 CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1184161 CVE-2021-25317 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for cifs-utils fixes the following security issues: - CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. (bsc#1183239) - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. (bsc#1174477) This update for cifs-utils fixes the following issues: - Solve invalid directory mounting. When attempting to change the current working directory into non-existing directories, mount.cifs crashes. (bsc#1152930) - Fixed a bug where it was no longer possible to mount CIFS filesystem after the last maintenance update. (bsc#1184815) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1152930 SUSE bug 1174477 SUSE bug 1183239 SUSE bug 1184815 CVE-2020-14342 CVE-2021-20208 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs12 fixes the following issues: - New upstream LTS version 12.20.1: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554) * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. (bsc#1179491) - New upstream LTS version 12.20.0: * deps: + update llhttp '2.1.2' -> '2.1.3' + update uv '1.39.0' -> '1.40.0' + update uvwasi '0.0.10' -> '0.0.11' * fs: add .ref() and .unref() methods to watcher classes * http: added scheduling option to http agent * module: + exports pattern support + named exports for CJS via static analysis * n-api: add more property defaults (gh#35214) - New upstream LTS version 12.19.1: * deps: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses (bsc#1178882, CVE-2020-8277) - New upstream LTS version 12.19.0: * crypto: add randomInt function * deps: + upgrade to libuv 1.39.0 + deps: upgrade npm to 6.14.7 + deps: upgrade to libuv 1.38.1 * doc: deprecate process.umask() with no arguments * module: + package 'imports' field + module: deprecate module.parent * n-api: create N-API version 7 * zlib: switch to lazy init for zlib streams This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1178882 SUSE bug 1179491 SUSE bug 1180553 SUSE bug 1180554 CVE-2020-1971 CVE-2020-8265 CVE-2020-8277 CVE-2020-8287 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed * CVE-2021-29948: Race condition when reading from disk while verifying signatures This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1184960 CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29948 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for postsrsd fixes the following issues: Update to release 1.11 [boo#1180251] * Drop group privileges as well as user privileges * Fixed: The subprocess that talks to Postfix could be caused to hang with a very long email address. [CVE-2020-35573] Update to release 1.6 * Fix endianness issue with SHA-1 implementation * Add dual stack support * Make SRS separator configurable Moderate SUSE bug 1180251 CVE-2020-35573 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for netdata fixes the following issues: - Update to 1.29.3 Release v1.29.3 is a patch release to improve the stability of the Netdata Agent. We discovered a bug that when proc.plugin attempts to collect the operstate parameter for a virtual network interface. If the chart is obsoleted, the Netdata Agent crashes. This release also contains additional bug fixes and improvements. Bug fixes * Fix proc.plugin to invalidate RRDSETVAR pointers on obsoletion. - Update to 1.29.2 Release v1.29.2 is a patch release to improve the stability of the Netdata Agent. We discovered that an improvement introduced in v1.29.0 could inadvertently set all os_* host labels to unknown, which could affect users who leverage these host labels to organize their nodes, deploy health entities, or export metrics to external time-series databases. This bug has been fixed. This release also contains additional bug fixes and improvements. Improvements * Make the Opsgenie API URL configurable. * Add k8s_cluster_id host label. * Enable apps.plugin aggregation debug messages. * Add configuration parameter to disable stock alarms. * Add ACLK proxy setting as host label. * Add freeswitch to apps_groups.conf. * Simplify thread creation and remove unnecessary variables in the eBPF plugin. Bug fixes * Fix the context filtering on the data query endpoint. * Fix container/host detection in the system-info.sh script. * Add a small delay to the ipv4_tcp_resets alarms. * Fix collecting operstate for virtual network interfaces. * Fix sendmail unrecognized option F error. * Fix so that raw binary data should never be printed. * Change KSM memory chart type to stacked. * Allow the REMOVED alarm status via ACLK if the previous status was WARN/CRIT. * Reduce excessive logging in the ACLK. - Changes in 1.29.1 Release v1.29.1 is a hotfix release to address a crash in the Netdata Agent. A locking bug in one of the internal collectors in Netdata could cause it to crash during shutdown in a way that would result in the Netdata Agent taking an excessively long time to exit. Bug fixes * Fix crash during shutdown of cgroups internal plugin. - Update to 1.29.0 (go.d.plugin 0.27.0) The v1.29.0 release of the Netdata Agent is a maintenance release that brings incremental but necessary improvements that make your monitoring experience more robust. We've pushed improvements and bug fixes to the installation and update scripts, enriched our library of collectors, and focused on fixing bugs reported by the community. At a glance Netdata now collects and meaningfully organizes metrics from both the Couchbase JSON document database and the nginx-module-vts module for exposing metrics about NGINX virtual hosts. We've also migrated more collectors from Python to Go in our continued efforts to make data collection faster and more robust. The newest effort includes our Redis, Pika, and Energi Core Wallet collectors. On the dashboard, we improved the responsiveness of panning forward and backward through historical metrics data by preventing unnecessary updates and reducing the number of calls. The charts should also now immediately update when you stop panning. Improvements * Reduce the number of alarm updates on ACLK. * Remove unused entries from structures. * Improve the retry/backoff during claiming. * Support multiple chart label keys in data queries. * Truncate excessive information from titles for apps and cgroups collectors. * Use mguid instead of hostname in the ACLK collector list. * Cleanup and minor fixes to eBPF collector. * Add _is_k8s_node label to the host labels. * Move ACLK into a legacy subfolder. * Exclude autofs by default in the diskspace plugin. * Mark internal functions as static in health code. * Remove unused struct in health code. * Add support for per series styling for dygraphs. Dashboard * Fix minor vulnerability alert by updating socket-io dependency. * Fix dygraph panning responsiveness, chart heights and performance improvements. * Make legend position configurable. Collectors * Add Go version of the redis collector. * Add Go version of the pika collector. * Add Go version of the energis collector. * Add a new nginxvts collector. * Add a new couchbase collector. * Add Traefik v2 to the prometheus collector default configuration. * Add an expected_prefix configuration option to the prometheus collector. * Add patterns support to the filecheck collector. Bug fixes * Fix container detection from systemd-detect-virt. * Fix handling of TLS config so that cURL works in all cases. * Fix disconnect message sent via ACLK on agent shutdown * Fix prometheus remote write header * Fix values in Prometheus export for metrics, collected by the Prometheus collector * Fix handling spaces in labels values in the Prometheus collector * Fix mysql.slave_status alarm for go mysql collector * Make mdstat_mismatch_cnt alarm less strict * Dispatch cgroup discovery into another thread * Fix data source option for Prometheus web API in exporting configuration * Fix anomalies collector custom model bug * Fix broken dbengine stress tests. * Fix segmentation fault in the agent * Fix memory allocation when computing standard deviation * Fix temperature parsing in the hddtemp collector * Fix postgres password bug and change default config * Add handling 'yes' and 'no' and flexible space match in the python.d/fail2ban plugin * Fix spelling mistakes in the Python plugin and documentation. - Update to v1.28 Release v1.28.0 is a hotfix release to address a deadlock in the Netdata Agent. If the Agent-Cloud link (ACLK) connection drops and the Agent fails to queue an on_connect message, it also fails to properly release a lock in the web server thread. - Enable additional dependencies (gprc, json, libcurl, libelf, libwebsockets, protobuf, snappy, xenstat, yajl) - Update to v1.27.0 (go.d.plugin 0.26.2) The v1.27.0 release of the Netdata Agent brings dramatic improvements to long-term metrics storage via the database engine, and new dashboard features like a time & date picker for visualizing precise timeframes. Two new collectors bring incredible new value to existing features, including a bit of machine learning magic. This release contains 8 new collectors, 1 new notification method (2 others enhanced), 54 improvements, 41 documentation updates, and 58 bug fixes. Improvements * Add labels for Kubernetes pods and containers. * Add plugin and module health entities. * Migrate the metadata log to SQLite. * Add an extent cache to the database engine. * Added new data query option allow_past. Netdata Cloud * Add the ability to query child nodes by their GUID. * Add child availability messages to the ACLK. * Add a metric showing how long a query spent in the queue. * Completely hide the SSO iframe. Collectors * Add alarms obsoletion and disable alarms collector by default. * Add calls for tcp_sendmsg, tcp_retransmit_skb, tcp_cleanup_rcv, udp_sendmsg, udp_recvmsg functions charts to the eBPF collector. * Add two more insignificant warnings to suppress in anomalies collector. * Add the number of allocated/stored objects within each storage to the varnish collector. * Add a wireless statistics collector. * Add support for MSE (Massive Storage Engine) to the varnish collector. * Remove remove crit from unmatched alarms in the web_log collector. * Add GPU key metrics (nvidia_smi collector) to dashboard_info.js. * Add allocated space metrics to the oracledb collector. * Restructure the eBPF collector to improve usability. * Add an anomaly detection collector. * Add a Netdata alarms collector. * Add a configuration option to exclude users with zero memory allocated to the nvidia_smi collector. * Add per queue charts to the rabbitmq collector. * Add support for HBA drives to the hpssa collector. * Update the cgroups collector default filtering by adding pod level cgroups. * Add a Go version of the CouchDB collector (couchdb). * Add collecting HTTP method per URL pattern (url_pattern option) to the web_log collector. * Add custom time fields feature to the web_log collector. * Add a Go version of the PowerDNS Authoritative Nameserver collector (powerdns). * Add a Go version of the PowerDNS Recursor collector (powerdns_recursor). * Add a Go version of the PowerDNS DNSdist collector (dnsdist). * Add a Dnsmasq DNS Forwarder collector (dnsmasq). * Add collecting directories size to the filecheck collector. * Add old systemd versions support to the systemdunits collector. * Add unmatched lines logging to the web_log collector. Notifications * Add API V2 support to the PagerDuty health integration. * Add threads support to the Google Hangouts health integration. * Add a Opsgenie health integration. Exporting * Add HTTP and HTTPS support to the simple exporting connector. Packaging/installation * Update React dashboard v2.11. * Update go.d.plugin version to v0.26.2. * Update eBPF collector to 0.4.9. * Add ability to use system libwebsockets instead of bundled version. * Update the version of libJudy that we bundle to 1.0.5-netdata2. Bug fixes * Fix crash in the eBPF plugin by initializing variables. * Fix sending chart definition on every data collection in alarms collector. * Fix a lock check. * Fix issue with chart metadata sent multiple times over ACLK. * Fix a buffer overflow when extracting information from a streaming connection. * Fix hostname configuration in the exporting engine. * Fix units and data source exporting options. * Fix exporting config. * Fix health by disabling used_file_descriptors alarm. * Fix GPU data filtering in the nvidia_smi collector. * Fix username resolution in the nvidia_smi collector. * Fix compilation with HTTPS disabled. * Fix hostname when syslog is used in syslog health integration. * Fix streaming buffer size. * Fix database endless loop when cleaning obsolete charts. * Disable chart obsoletion code for archived chart creation. * Fix Prometheus remote write exporter so that it doesn't stop when data is not available for dimension formatting. * Fix memory calculation by moving shared from cached to used dimension. * Fix parsing in the libreswan collector. * Fix an infinite loop in the statsd plugin * Disregard host tags configuration pointer. * Fix platform dependent printf format. * Fix cgroups collector resolving container names in k8s. * Fix python.d plugin runtime chart creation. * Fix race condition in rrdset_first_entry_t() and rrdset_last_entry_t(). * Fix the data endpoint so that the context param is correctly applied to children. * Fix Coverity errors (CID 364045,364046). * Fix the elasticsearch_last_collected alarm. * Fix spelling error in xenstat.plugin. * Fix chart filtering. * Fix libnetdata headers to be compatible with C++. * Fix registry responses to remove caching. * Fix eBPF memory management. * Fix overlapping memory issue. * Fix response and upstream response time histogram charts in the web_log collector. * Fix logs timestamps always in UTC issue in the go.d.plugin * Fix collecting slave status for MariaDB v10.2.0- in the mysql collector * Fix cumulative_stats configuration option in the unbound collector * Fix parsing configuration file (respect 'include-toplevel' directive) in unbound collector * Fix handling charts with type.id >= 200 (netdata limit) in go.d.plugin * Fix parsing version query response in the mysql collector * Fix Netsplits chart dimensions algorithm in the the vernemq collector. * Fix a typo in dashboard_info.js for VerneMQ. - Allow go plugin to build for Tumbleweed - Fix RPM file list - Update to v1.26.0 (go.d.plugin 0.23.0): Improvements * Add the ability to send Agent alarm notifications to StackPulse * Add a way to get build configuration info from the Agent * Add chart for churn rates to python.d/rabbitmq * Add failed dim to the connection_fails alarm in the Portcheck alarm * Improve the data query when using the context parameter * Add a context parameter to the data endpoint (Netdata Cloud) * Change default ACLK query thread count * Remove leading whitespace before JSON in ACLK * Allow using libwebsockets without SOCKS5 * Add information about Cloud disabled status to -W buildinfo (Collectors) * Update go.d.plugin version to v0.23.0 + Add new filecheck collector + Add new systemd unit state collector + Add new ISC DHCP collector (Dashboard) * Add missing period in Netdata dashboard Bug Fixes * Fix systemd comment syntax * Fix file descriptor leak in Infiniband collector (proc.plugin) * Fix the data endpoint to prioritize chart over context if both are present * Fix cleanup of obsolete charts * Fix build for the AWS Kinesis exporting connector * Fix gauges for go.d.plugin/web_log collector * Fix locking order to address CID_362348 * Fix chart's last accessed time during context queries * Fix resource leak in case of malformed request to Netdata Cloud - Move edit-config to libexeddir - Fix conf.d path in edit-config - Fix building with go support on openSUSE 15.2 - Build with python3 - Protect /etc/netdata as it contains sensitive data (passwords, secrets) - update to 1.25.0: Improvements * Add code to release memory used by the global GUID map (#9729, @stelfrag) * Add check for spurious wakeups Netdata Cloud * Add v2 HTTP message with compression to ACLK (#9895, @underhood) * Add version negotiation to ACLK (#9819, @underhood) * Add claimed_id for child nodes streamed to their parents (#9804, @underhood) * Update netdata-installer.sh to enable Netdata Cloud support in macOS (#9360, @mrbrutti) Collectors * Update go.d.plugin version to v0.22.0 (#9898, @ilyam8) * Add support for IP ranges to Python-based isc_dhcpd collector (#9755, @vsc55) * Add Network viewer charts to ebpf.plugin (#9591, @thiagoftsm) * Add collecting active processes limit on Linux systems (#9843, @Ancairon) * Improve eBPF plugin by removing unnecessary debug messages (#9754, @thiagoftsm) * Add CAP_SYS_CHROOT for netdata service to read LXD network interfaces (#9726, @vlvkobal) * Add collecting maxmemory to python.d/redis (#9767, @ilyam8) * Add option for multiple storage backends in python.d/varnish (#9668, @florianmagnin) * Dashboard * Update dashboard v1.4.2 (#9837, @jacekkolasa) * Lots of documentation improvements and bug fixes - update to 1.24.0: * The v1.24.0 release of the Netdata Agent brings enhancements to the breadth of metrics we collect with a new generic Prometheus/OpenMetrics collector and enhanced storage and querying with a new multi-host database mode. * Add generic Prometheus/OpenMetrics collector (#9644, @ilyam8) * Add locking between different collectors for the same application, implemented in different technologies (#9584, @vlvkobal), (#9564, @ilyam8) * Implement multihost database (#9556, @stelfrag) * Add alarms for FreeBSD interface errors (#8340, @lassebm) * Many bugfixes, see https://github.com/netdata/netdata/releases/tag/v1.24.0 - Update to v1.23.2: * Fixed a buffer overrun vulnerability in Netdata's JSON parsing code. This vulnerability could be used to crash Agents remotely, and in some circumstances, could be used in an arbitrary code execution (ACE) exploit. Improvements: * Add support for multiple ACLK query processing threads * Add Infiniband monitoring to collector proc.plugin * Change the HTTP method to make the IPFS collector compatible with 0.5.0+ * Add support for returning headers using python.d's UrlService Bug fixes: * Fix vulnerability in JSON parsing * Fixed stored number accuracy * Fix transition from archived to active charts not generating alarms * Fix PyMySQL library to respect my.cnf parameter * Remove health from archived metrics * Update exporting engine to read the prefix option from instance config sections * Fix display error in Swagger API documentation * Wrap exporting engine header definitions in compilation conditions * Improve cgroups collector to autodetect unified cgroups * Fix CMake build failing if ACLK is disabled * Fix now_ms in charts.d collector to prevent tc-qos-helper crashes * Fix python.d crashes by adding a lock to stdout write function * Fix an issue with random crashes when updating a chart's metadata on the fly * Fix ACLK protocol version always parsed as 0 * Fix the check condition for chart name change * Fix the exporting engine unit tests * Fix a Coverity defect for resource leaks - update to v1.23.1: - Lots of fixes and improvements, please see CHANGELOG.md - update go.d plugin to v0.19.2 - Update to v1.22.1: Bug fixes: - Fixed the latency issue on the ACLK and suppress the diagnostics. - Restored old semantics of 'netdata -W set' command. - Removed check for old alarm status. - Changes for v1.22.0: Breaking Changes: * The previous iteration of Netdata Cloud, accessible through various Sign in and Nodes view (beta) buttons on the Agent dashboard, is deprecated in favor of the new Cloud experience. * Our old documentation site (docs.netdata.cloud) was replaced with Netdata Learn. All existing backlinks redirect to the new site. * Our localization project is no longer actively maintained. We're grateful for the hard work of its contributors. Improvements: * Netdata Cloud: - Enabled support for Netdata Cloud. - Added TTL headers to ACLK responses. - Improved the thread exit fixes in #8750. - Improved ACLK reconnection sequence. - Improved ACLK memory management and shutdown sequence. - Added session-id to ACLK using connect timestamp. * Collectors: - Improved the index size for the eBPF collector. - Added health alarm templates for the whoisquery collector. - Added a whoisquery collector. - Removed an automatic restart of apps.plugin. * Exporting: - Enabled internal statistics for the exporting engine in the Agent dashboard. - Implemented a Prometheus exporter web API endpoint. * Notifications: - Added a certificate revocation alarm for the x509check collector. - Added the ability to send Agent alarm notifications to Dynatrace. * Other: - Updated main copyright and links for the year 2020 in daemon help output. - Moved bind to to [web] section and update netdata.service.v235.in to sync it with recent changes. - Put old dashboard behind a prefix instead of using a script to switch. - Enabled the truthy rule in yamllint. - Added Borg backup, Squeezebox servers, Hiawatha web server, and Microsoft SQL to apps.plugin so that it can appropriately group them by type of service. * Bug fixes: - Fixed mdstat failed devices alarm. - Fixed rare race condition in old Cloud iframe. - Removed no-clear-notification options from portcheck health templates. - Fixed old URLs to silence Netlify's mixed content warnings. - Fixed master streaming fatal exits. - Fixed email authentiation to Cloud/Nodes View. - Fixed non-escaped characters in private registry URLs. - Fixed crash when shutting down an Agent with the ACLK disabled. - Fixed status checks for UPS devices using the apcupsd collector. - Fixed alarm notification script by adding a check to the Dynatrace notification method. - Fixed threads_creation_rate chart context in the python.d MySQL collector. - Fixed sudo check in charts.d libreswan collector to prevent daily security notices. - Update to v1.21.1: Release v1.21.1 is a hotfix release to improve the performance of the new React dashboard, which was merged and enabled by default in v1.21.0. The React dashboard shipped in v1.21.0 did not properly freeze charts that were outside of the browser's viewport. If a user who loaded many charts by scrolling through the dashboard, charts outside of their browser's viewport continued updating. This excess of chart updates caused all charts to update more slowly than every second. v1.21.1 includes improvements to the way the Netdata dashboard freezes, maintains state, and restores charts as users scroll. - Update to v1.21.0 (go.d.plugin v0.18.0): Improvements: * Extended TLS support for 1.3. * Switched to the React dashboard code as the default dashboard. * Collectors: - Added a new Pulsar collector. - Added a new VerneMQ collector. - Added high precision timer support for plugins such as idlejitter. - Added an alarm to the dns_query collector that detects DNS query failure. - Added the ability to get the pod name from cgroup with kubectl in bare-metal deployments. - Added the ability to connect to non-admin user IDs for a Ceph storage cluster. - Added connections (backend) usage to Postgres monitoring. * Exporting: - Added a MongoDB connector to the exporting engine. - Added a Prometheus Remote Write connector to the exporting engine. - Added an AWS Kinesis connector to the exporting engine. Bug fixes: * Removed notifications from the dashboard and fixed the /default.html route. * Fixed help-tooltips styling, private registry node deletion, and the right-hand sidebar 'jumping' on document clicks. * Fixed errors reported by Coverity. * Fixed broken pipe ignoring in apps.plugin. * Fixed the bytespersec chart context in the Python Apache collector. * Fixed charts.d.plugin to exit properly during Netdata service restart * Fixed minimist dependency vulnerability. * Fixed how SimpleService truncates Python module names. * Added proper prefix to Python module names during loading. * Fixed the flushing error threshold with the database engine. * Fixed memory leak for host labels streaming from slaves to master. * Fixed streaming scaling. * Fixed missing characters in kernel version field by encoding slave fields. * Fixed Ceph collector to get osd_perf_infos in versions 14.2 and higher. * Removed extraneous commas from chart information in dashboard. * Removed tmem collection from xenstat_plugin to allow Netdata on Xen 4.13 to compile successfully. * Restricted messages to Google Analytics. * Fixed Python 3 dict access in OpenLDAP collector module. - Update to v1.20.0 (go.d.plugin v0.15.0) Breaking Changes: * Removed deprecated bash collectors apache, cpu_apps, cpufreq, exim, hddtemp, load_average, mem_apps, mysql, nginx, phpfpm, postfix, squid, tomcat. If you were still using one of these collectors with custom configurations, you can find the new collector that replaces it in the supported collectors list. Improvements: * Host labels: + Added support for host labels + Improved the monitored system information detection. Added CPU freq & cores, RAM and disk space. + Started distinguishing the monitored system's (host) OS/Kernel etc. from those of the docker container's + Started creating host labels from collected system info + Started passing labels and container environment variables via the streaming protocol + Started sending host labels via exporting connectors + Added label support to alarm definitions and started recording them in alarm logs + Added support for host labels to the API responses + Added configurable host labels to netdata.conf + Added kubernetes labels * New collectors: + eBPF kernel collector + CockroachDB + squidlog: squid access log parser * Collector improvements: + apps.plugin: Created dns group, improved database group, improved ceph & samba groups + varnish: Added SMF metrics (cache on disk) + phpfpm: Fixed per process chart titles and readme + python.d: Formatted the code in all modules + node.d/snmp: - Added snmpv3 support, formatted the code in snmp.node.js + cgroups: Improved LXC monitoring by filtering out irrelevant LXC cgroups + litespeed: Added support for different .rtreport format + proc.plugin: Added pressure stall information + sensors: Improved collection logic + proc: Started monitoring network interface speed, duplex, operstate + smartd_log: Fixed the setting in the reallocated sectors count, by setting ATTR5 chart algorithm to absolute + nvidia-smi: Allow executing nvidia-smi in normal instead of loop mode + wmi: collect logon metrics, collect logical_disk disk latency metrics + weblog: handle MKCOL, PROPFIND, MOVE, SEARCH http request methods + scaleio: storage pools and sdcs metrics * Exporting engine: + Implemented the main flow for the Exporting Engine * Streaming: + Add versioning to the streaming protocol * Installation/Packages: + Improved the systemd service files, by removing unecessary ExecStartPre lines and moving global options to netdata.conf * Privacy: + Added support for opting out of telemetry via the DO_NOT_TRACK environment variable (telemetry is disabled by default on openSUSE) * Other: + Preparations for the next netdata cloud release. Added custom libmosquitto, netdata-cli and other prerequisites. + Applied linter fixes in shell scripts + Started supporting -fno-common in CFLAGS + Completely removed the unbound python collector (dead code) + Added possibility to change badges' text font color + Small updates to sample multi-host dashboard, dash.html + Added missing quoting in shell scripts + Bump handlebars from 4.2.0 to 4.5.3 + Reduce log level for uv_thread_set_name_np from error to info + Set standard name to non-libnetdata threads (libuv, pthread) * Bug fixes: + Fixed problems reported by Coverity for eBPF collector plugin + Fixed invalid literal for float\(\): NN.NNt error in the elasticsearch python plugin, by adding terabyte unit parsing + Fixed timeout failing in docker containers which broke some python.d collectors + Fixed problem with the httpcheck python collector not being able to check URLs with the POST method, by adding body to the URLService. Also record the new options in httpcheck.conf + Fixed dbengine repeated global flushing errors and collectors being blocked, by dropping dirty dbengine pages if the disk cannot keep up + Fixed issue with alarm notifications occasionally ignoring the configured severity filter when the ROLE was set to root + Fixed Netlink Connection Tracker charts in the nfacct plugin + Fixed metric values sent via remote write to Prometheus backends, when using average/sum + Fixed unclosed brackets in softnet alarm + Fixed SEGFAULT when localhost initialization failed + Reduced the number of broken pipe error log entries, after a SIGKILL + Fixed Coverity errors by restoring support for protobuf 3.0 + Fixed inability to disable Prometheus remote API + Fixed SEGFAULT from the cpuidle plugin + Fixed samba collector not working, due to inability to run sudo + Fixed invalid css/js resource errors when URL for slave node has no final / on streaming master + Fixed keys_redis chart in the redis collector, by populating keys at runtime + Fixed UrlService bytes decoding and logger unicode encoding in the python.d plugin + Fixed a warning in the prometheus remote write backend + Fixed not detecting more than one adapter in the hpssa collector + Fixed race conditions in dbengine + Fixed race condition with the dbenging page cache descriptors + Fixed dbengine dirty page flushing warning + Fixed missing parenthesis on alarm softnet.conf + Fixed 'Master thread EXPORTING takes too long to exit. Giving up' error, by cleaning up the main exporting engine thread on exit + Fixed rabbitmq error 'update() unhandled exception: invalid literal for int() with base 10' + Fixed some LGTM alerts + Fixed valgrind errors + Fixed monit collector LGTM warnings + Fixed the following go.d.plugin collector issues: . mysql: panic in Cleanup (#326) . unbound: gather metrics via unix socket (#319) . logstash: pipelines chart (#317) . unbound: configuration file parsing. . Support include mechanism. (#298) . logstash: pipelines metrics parsing (#293) . phpfpm: processes metrics parsing (#297) - Also package go.d.plugin (v0.14.1) - Update to v1.19.0 Improvements: * New collectors: + AM2320 sensor collector plugin + Added parsing of /proc/pagetypeinfo to provide metrics on fragmentation of free memory pages + The unbound collector module was completely rewritten, in Go * Collector improvements: + We rewrote our web log parser in Go, drastically improving its flexibility and performance + The Kubernetes kubelet collector now reads the service account token and uses it for authorization. We also added a new default job to collect metrics from https://localhost:10250/metrics + Added a new default job to the Kubernetes coredns collector to collect metrics from http://kube-dns.kube-system.svc.cluster.local:9153/metrics + apps.plugin: Synced FRRouting daemons configuration with the frr 7.2 release + apps.plugin: Added process group for git-related processes + apps.plugin: Added balena to the container-engines application group + web_log: Treat 401 Unauthorized requests as successful + xenstat.plugin: Prepare for xen 4.13 by checking for check xenstat_vbd_error presence + mysql: Added galera cluster_status alarm * Metrics database: + Netdata generates alarms if the disk cannot keep up with data collection * Health: + Fine tune various default alarm configurations + Update SYN cookie alarm to be less aggressive + Added support for IRC alarm notifications Bug fixes: * Prevented freezes due to isolated CPUs * Fixed missing streaming when slave has SSL activated * Fixed error 421 in IRC notifications, by removing a line break from the message * proc/pagetypeinfo collection could under particular circumstances cause high CPU load. As a workaround, we disabled pagetypeinfo by default * Fixed incorrect memory allocation in proc plugin’s pagetypeinfo collector * Eliminated cached responses from the postgres collector * rabbitmq: Fixed 'disk_free': 'disk_free_monitoring_disabled' error * Fixed Apache module not working with letsencrypt certificate by allowing the python UrlService to skip tls_verify for http scheme * Fixed invalid spikes appearing in certain charts, by improving the incremental counter reset/wraparound detection algorithm * Fixed issue with unknown variables in alarm configuration expressions always being evaluated to zero * Fixed issue of automatically picking up Pi-hole stats from a Pi-hole instance installed on another device by disabling the default job that collects metrics from http://pi.hole - Update to v1.18.1 Improvements: * Disable slabinfo plugin by default to reduce the total number of metrics collected * Add dbengine RAM usage statistics * Support Google Hangouts chat notifications * Add CMocka unit tests * Add prerequisites to enable automatic updates for installations via the static binary (kickstart-static64.sh) Bug fixes: * Fix unbound collector timings: Convert recursion timings to milliseconds. * Fix unbound collector unhandled exceptions * Fix megacli collector binary search and sudo check * Fix Clang warnings * Fix python.d error logging: change chart suppress msg level from ERROR to INFO * Fix freeipmi update frequency check: was warning that 5 was too frequent and it was setting it to 5. * Fix alarm configurations not getting loaded, via better handling of chart names with special characters * Don't write HTTP response 204 messages to the logs * Fix build when CMocka isn't installed * Prevent zombie processes when a child is re-parented to netdata when its running in a container, by adding child process reaper - Update to v1.18.0 Improvements: * Database engine: + Make dbengine the default memory mode + Increase dbengine default cache size + Reduce overhead during write IO + Detect deadlock in dbengine page cache + Remove hard cap from page cache size to eliminate deadlocks. * New collectors: + SLAB cache mechanism + Gearman worker statistics + vCenter Server Appliance + Zookeeper servers + Hadoop Distributed File System (HDFS) nodes * Collector improvements: + rabbitmq: Add vhosts message metrics from /api/vhosts + elasticsearch: collect metrics from _cat/indices + mysql: collect galera cluster metrics + Allow configuration of the python.d launch command from netdata.conf + x509check: smtp cert check support + dnsmasq_dhcp: respect conf-dir,conf-file,dhcp-host options + plugin: respect previously running jobs after plugin restart + httpcheck: add current state duration chart + springboot2: fix context * Health: + Enable alarm templates for chart dimensions + Center the chart on the proper chart and time whenever an alarm link is clicked * Other: + API: Include family into the allmetrics JSON response + API: Add fixed width option to badges + Allow hostnames in Access Control Lists Bug fixes: * Fix issue error in alarm notification script, when executed without any arguments * Fix Coverity warnings * Fix dbengine consistency when a writer modifies a page concurrently with a reader querying its metrics * Fix memory leak on netdata exit * Fix for missing boundary data points in certain cases * Fix unhandled exception log warnings in the python.d collector orchestrator start\_job * Fix CORS errors when accessing the health management API, by permitingt x-auth-token in Access-Control-Allow-Headers * Fix misleading error log entries RRDSET: chart name 'XXX' on host 'YYY' already exists, by changing the log level for chart updates * Properly resolve all Kubernetes container names * Fix LGTM warnings * Fix agent UI redirect loop during cloud sign-in * Fix python.d.plugin bug in parsing configuration files with no explicitly defined jobs * Fix potential buffer overflow in the web server * Fix netdata group deletion on linux for uninstall script * Various cppcheck fixes * Fix handling of illegal metric timestamps in database engine * Fix a resource leak * Fix rabbitmq collector error when no vhosts are available. - Update to v1.17.0 Improvements: * Database engine: + Variable granularity support for data collection + Added tips on the UI to encourage users to try the new DB Engine, when they reach the end of their metrics history * Health: + Added support for plain text only email notifications + Started showing “hidden” alarm variables in the responses of the chart and data API calls + Added a new API call for alarm status counters, as a first step towards badges that will show the total number of alarms * Security: + Added configurable default locations for trusted CA certificates + Added safer way to get container names + Added SSL connection support to the python mongodb collector * New collectors: + VSphere collector * Archiving: + Added a new MongoDB backend * Other: + Added apps grouping debug messages + GCC warning and linting improvements + Added global configuration option to show charts with zero metrics + Improved the way we parse HTTP requests, so we can avoid issues from edge cases * Bug fixes: + Fixed sensor chips filtering in python sensors collector + Fixed user and group names in apps.plugin when running in a container, by mounting and reading /etc/passwd + Fixed possible buffer overflow in the JSON parser used for health notification silencers + Fixed handling of corrupted DB files in dbengine, that could cause netdata to not start properly (CRC and I/O error handling) + Fixed an issue with Netdata snapshots that could sometimes cause a problem during import + Fixed bug that would cause netdata to attempt to kill already terminated threads again, on shutdown + Fixed out of memory (12) errors by reimplementing the myopen() function family + Fixed wrong redirection of users signing in after clicking Nodes + Fixed python.d smartd collector increasing CPU usage + Fixed mongodb python collector stock configuration mistake, by changing password to pass + Fixed handling of UTF8 characters in badges and added International Support to the URL parser + Fixed nodes menu sizing (responsive) + Fixed issues with http redirection to https and streaming encryption + Fixed broken links to arcstat.py and arc_summary.py in dashboard_info.js + Fixed bug with the nfacct plugin that resulted in missing dimensions from the charts + Stopped anonymous stats from trying to write a log under /tmp + Properly delete obsolete dimensions for inactive disks in smartd_log + Fixed handling of disconnected sockets in unbound python.d collector + Fixed crash in malloc + Fixed issue with mysql collector that resulted in showing only a single slave_status chart, regardless of the number of replication channels + Fixed a segmentation fault in backends + Fixed spigotmc plugin bugs + Fixed dbengine 100% CPU usage due to corrupted transaction payload handling - Update to v1.16.0 Improvements: * Health: + Easily disable alarms, by persisting the silencers configuration + Repeating alarm notifications + Simplified the health cmdapi tester - no setup/cleanup needed + Αdd last_collected alarm to the x509check collector + New alarm for abnormally high number of active processes. * Security: + SSL support in the web server and streaming/replication + Support encrypted connections to OpenTSDB backends * New collectors: + Go.d collector modules for WMI, Dnsmasq DHCP leases and Pihole + Riak KV instances collector + CPU performance statistics using Performance Monitoring Units via the perf_event_open() system call. (perf plugin) * Collector improvements: + Handle different sensor IDs for the same element in the freeipmi plugin + Increase the cpu_limit chart precision in cgroup plugin + Added userstats and deadlocks charts to the python mysql collector + Add perforce server process monitoring to the apps plugin * Backends: + Prometheus remote write backend * DB engine improvements: + Reduced memory requirements by 40-50% + Reduced the number of pages needed to be stored and indexed when using memory mode = dbengine, by adding empty page detection * Rebranding: + Updated the netdata logo and changed links to point to the new website * Other: + Pass the the cloud base url parameter to the notifications mechanism, so that modifications to the configuration are respected when creating the link to the alarm + Improved logging, to be able to trace the CRITICAL: main[main] SIGPIPE received. error Bug fixes: * Fixed ram_available alarm * Stop monitoring /dev and /run in the disk space and inode usage charts * Fixed the monitoring of the “time” group of processes * Fixed compilation error PERF_COUNT_HW_REF_CPU_CYCLES' undeclared here in old Linux kernels (perf plugin) * Fixed invalid XML page error (tomcat plugin) * Remove obsolete monit metrics * Fixed Failed to parse error in adaptec_raid * Fixed cluster_health_nodes and cluster_stats_nodes charts in the elasticsearch collector * A modified slave chart's 'name' was not properly transferred to the master * Netdata could run out of file descriptors when using the new DB engine * Fixed UI behavior when pressing the End key * Fixed UI link to check the configuration file, to open in a new tab * Prevented Error: 'module' object has no attribute 'Retry' messages from python collectors, by enforcing minimum version check for the UrlService library * Fixed typo that causes nfacct.plugin log messages to incorrectly show freeipmi * The daemon could get stuck during collection or during shutdown, when using the new dbengine. Reduced new dbengine IO utilization by forcing page alignment per dimension of chart. * Properly handle timeouts/no response in dns_query_time python collector * When a collector restarted after having stopped for a long time, the new dbengine would consume a lot of CPU resources. * Fixed error Assertion old_state & PG_CACHE_DESCR_ALLOCATED' failed` of the new dbengine. Eliminated a page cache descriptor race condition * tv.html failed to load the three left charts when accessed via https. Turn tv.html links to https * Change print level from error to info for messages about clearing old files from the database * Fixed warning regarding the x509check_last_collected_secs alarms. Changed the template update frequency to 60s, to match the chart’s update frequency * Email notification header lines were not terminated with \r\n as per the RFC * Some log entries would not be caught by the python web_log plugin. Fixed the regular expressions * Corrected the date used in pushbullet notifications * Fixed FATAL error when using the new dbengine with no direct I/O support, by falling back to buffered I/O * Fixed compatibility issues with varnish v4 (varnish collector) * The total number of disks in mdstat.XX_disks chart was displayed incorrectly. Fixed the 'inuse' and 'down' disks stacking. * The config option --disable-telemetry was being checked after restarting netdata, which means that we would still send anonymous statistics the first time netdata was started. (NOTE: Telemetry is disabled by default on openSUSE.) * Fixed apcupsd collector errors, by passing correct info to the run function. * apcupsd and libreswan were not enabled by default * Fixed incorrect module name: energi to energid * The nodes view did not work properly when a reverse proxy was configured to access netdata via paths containing subpaths (e.g. myserver/netdata) * Fix error message PLUGINSD : cannot open plugins directory * Corrected invalid links to web_log.conf that appear on the agent UI * Fixed ScaleIO collector endpoint paths * Fixed web client timeout handling in the go.d plugin httpcheck collector - Update to v1.15.0 Bug Fixes: * Prowl notifications were not being sent, unless another notification method was also active * Fix exception handling in the python.d plugin * The node applications group did not include all node processes. * The nvidia_smi collector displayed incorrect power usage * The python.d plugin would sometimes hang, because it lacked a connect timeout * The mongodb collector raised errors due to various KeyErrors * The smartd_log collector would show incorrect temperature values Improvements: * Support for aggregate node view * Database engine * New collector modules: + Go.d collectors for OpenVPN, the Tengine web server and ScaleIO (VxFlex OS) instances + Monitor disk access latency like ioping does * Energi Core daemon monitoring, suits other Bitcoin forks * Collector improvements: + Add docker swarm manager metrics to the go.d docker_engine collector + Implement unified cgroup cpu limit + python.d.plugin: Allow monitoring of HTTP(S) endpoints which require POST data and make the UrlService more flexible * Support the AWS Kinesis backend for long-term storage * Add a new 'text-only' chart renderer * API Improvements: + Smarter caching of API calls. Do not cache alarms and info api calls and extend no-cache headers. + Extend the api/v1/info call response with system and collector information + k6 script for API load testing * Kubernetes helmchart improvements: + Added the init container, where sysctl params could be managed, to bypass the Cannot allocate memory issue + Better startup/shutdown of slaves and reduced memory usage with liveness/readiness probes and default memory mode none + Added the option of overriding the default settings for kubelet, kubeproxy and coredns collectors via values.yaml + Make the use of persistent volumes optional, add apiVersion to fix linting errors and correct the location of the env field - Update to v1.14.0 The release introduces major additions to Kubernetes monitoring, with tens of new charts for Kubelet, kube-proxy and coredns metrics, as well as significant improvements to the netdata helm chart. Two new collectors were added, to monitor Docker hub and Docker engine metrics. Finally, v1.14 adds support for version 2 cgroups, OpenLDAP over TLS, NVIDIA SMI free and per process memory and configurable syslog facilities. Bug Fixes: * Fixed problem autodetecting failed jobs in python.d plugin. It now properly restarts jobs that are being rechecked, as soon as they are able to run. * CouchdDB monitoring would stop sometimes with an exception. Fixed the unhandled exception causing the issue. * The netdata api deliberately returned http error 400 when netdata ran in memory mode none. Modified the behavior to return responses, regardless of the memory mode * The python.d plugin sometimes does not receive SIGTERM when netdata exits, resulting in zombie processes. Added a heartbeat so that the process can exit on SIGPIPE. * The new SMS Server Tools notifications did not handle errors well, resulting in cryptic error messages. Improved error handling. * Fix segmentation fault in streaming, when two dimensions had similar names. * Kubernetes Helm Chart: Fixed incorrect use of namespaces in ServiceAccount and ClusterRoleBinding RBAC fixes. * Elastic search: The option to enable HTTPS was not included in the config file, giving the erroneous impression that HTTPS was not supported. The option was added. * RocketChat notifications were not being sent properly. Added default recipients for roles in the health alarm notification configuration. Improvements: * go.d.plugin v0.4.0 : Docker Hub and k8s coredns collectors, springboot2 URI filters support. * go.d.plugin v0.3.1 : Add default job to run k8s_kubelet.conf, k8s_kubeproxy, activemq modules * go.d.plugin v0.3.0 : Docker engine, kubelet and kub-proxy collectors. x509check module reading certs from file support * Added unified cgroup support that includes v2 cgroups * Disk stats: Added preferred disk id pattern, so that users can see the id they prefer, when multiple ids appear for the same device * NVIDIA SMI: Added memory free and per process memory usage charts to the collector * OpenLDAP: Added TLS support, to allow monitoring of LDAPS. * PHP-FPM: Add health check to raise alarms when the phpfm server is unreachable * PostgreSQL: Our configuration options to connect to a DB did not support all possible option. Added option to connect to a PostreSQL instance by defining a connection string (URI). * python.d.plugin: There was no way to delete obsolete dimensions in charts created by the python.d plugin. The plugin can now delete dimension at runtime. * netdata supports sending its logs to Syslog, but the facility was hard-coded. We now support configurable Syslog facilities in netdata.conf. * Kubernetes Helm Chart improvements: + Added serviceName in statefulset spec to align with the k8s documentation + Added preStart command to persist slave machine GUIDs, so that pod deletion/addition during upgrades doesn't lose the slave history. + Disabled non-essential master netdata collector plugins to avoid duplicate data + Added preStop command to wait for netdata to exit gracefully before removing the container + Extended configuration file support to provide more control from the helm command line + Added option to disable Role-based access control + Added liveness and readiness probes. - Update to v1.13.0 netdata has taken the first step into the world of Kubernetes, with a beta version of a Helm chart for deployment to a k8s cluster and proper naming of the cgroup containers. We have big plans for Kubernetes, so stay tuned! A major refactoring of the python.d plugin has resulted in a dramatic decrease of the required memory, making netdata even more resource efficient. We also added charts for IPC shared memory segments and total memory used. Improvements: * Kubernetes: Helm chart and proper cgroup naming * python.d.plugin: Reduce memory usage with separate process for initial module checking and loaders cleanup * IPC shared memory charts * mysql module add ssl connection support * FreeIPMI: Have the debug option apply the internal freeipmi debug flags * Prometheus backend: Support legacy metric names for source=avg * Registry: Allow deleting the host we are looking at * SpigotMC: Use regexes for parsing. Bug Fixes: * Postgres: fix connection issues * Proxmox container: Fix cgroup naming and use total_* memory counters for cgroups * proc.plugin and plugins.d: Fix memory leaks * SpigotMC: Fix UnicodeDecodeError and py2 compatibility fix * Fix non-obsolete dimension deletion * UI: Fix incorrect icon for the streaming master * Docker container names: Retry renaming when a name is not found * apps.plugin: Don't send zeroes for empty process groups * go.d.plugin: Correct sha256sum check * Unbound module: Documentation corrected with troubleshooting section. * Streaming: Prevent UI issues upon GUID duplication between master and slave netdata instances * Linux power supply module: Fix missing zero dimensions * Minor fixes around plugin_directories initialization - Update to v1.12.2 Bug Fixes: * Zombie processes exist after restart netdata - add heartbeat to python.d plugin * RocketChat notifications not working * SIGSEGV crash during shutdown of tc plugin * CMake warning for nfacct plugin Improvements: * Oracledb python module * Show streamed servers even for users that are not signed in - Drop GPG signature (no longer used) - Drop spec compatibility with old distro versions - Drop netdata-automake-no-dist-xz.patch - Refresh netdata-smartd-log-path.patch - Update to v1.12.1 Fixes: * Fix SIGSEGV at startup: Don't free vars of charts that do not exist #5455 * Prevent invalid Linux power supply alarms during startup #5447 * Correct duplicate flag enum in health.h #5441 * Remove extra 'v' for netdata version from Server response header #5440 and spec URL #5427 * apcupsd - Treat ONBATT status the same as ONLINE #5435 * Fix #5430 - LogService._get_raw_data under python3 fails on undecodable data #5431 * Correct version check in UI #5429 * Fix ERROR 405: Cannot download charts index from server - cpuidle handle newlines in names #5425 * Fix clock_gettime() failures with the CLOCK_BOOTTIME argument #5415 * Use netnsid for detecting cgroup networks; #5413 * Python module sensors fix #5406 * Fix ceph.chart.py for Python3 #5396 (GaetanF) * Fix warning condition for mem.available #5353 * cups.plugin: Support older versions #5350 Improvements: * Add driver-type option to the freeipmi plugin #5384 * Add support of tera-byte size for Linux bcache. #5373 * Split nfacct plugin into separate process #5361 * Add cgroup cpu and memory limits and alarms #5172 * Add message queue statistics #5115 - Update to v1.12.0 Key improvements: * Introducing netdata.cloud, the free netdata service for all netdata users * High performance plugins with go.d.plugin (data collection orchestrator written in Go) * 7 new data collectors and 11 rewrites of existing data collectors for improved performance * A new management API for all netdata servers * Bind different functions of the netdata APIs to different ports Management API: Netdata now has a management API. We plan to provide a full set of configuration commands using this API. In this release, the management API supports disabling or silencing alarms during maintenance periods. For more information about the management API, check https://docs.netdata.cloud/web/api/health/#health-management-api Anonymous statistics: Anonymous usage information can be collected and sent to Google Analytics. This functionality is disabled by default in openSUSE. Remove /etc/netdata/.opt-out-from-anonymous-statistics to enable. The statistics calculated from this information will be used for: 1. Quality assurance, to help us understand if netdata behaves as expected and help us identify repeating issues for certain distributions or environment. 2. Usage statistics, to help us focus on the parts of netdata that are used the most, or help us identify the extend our development decisions influence the community. Information is sent to Netdata via two different channels: * Google Tag Manager is used when an agent's dashboard is accessed. * The script anonymous-statistics.sh is executed by the Netdata daemon, when Netdata starts, stops cleanly, or fails. Both methods are controlled via the same opt-out mechanism. For more information, check https://docs.netdata.cloud/docs/anonymous-statistics/ Data collection: This release introduces a new Go plugin orchestrator. This plugin has its own github repo (https://github.com/netdata/go-orchestrator). It is open-source, using the same license and we welcome contributions. The orchestrator can also be used to build custom data collection plugins written in Go. We have used the orchestrator to write many new Go plugins in our go.d plugin github repo. For more information, check https://github.com/netdata/go-orchestrator#go-orchestrator-wip New data collectors: * Activemq (Go) * Consul (Go) * Lighttpd2 (Go) * Solr (Go) * Springboot2 (Go) * mdstat - nonredundant arrays (C) * CUPS printing system (C) High performance versions of older data collectors: * apache (Go) * dns_query (Go) * Freeradius (Go) * Httpcheck (Go) * Lighttpd (Go) * Portcheck (Go) * Nginx (Go) * cpufreq (C) * cpuidle (C) * mdstat (C) * power supply (C) Other improved data collectors: * Fix the python plugin clock (collectors falling behind). * adaptec_raid: add to python.d.conf. * apcupsd: Detect if UPS is online. * apps: Fix process statistics collection for FreeBSD. * apps: Properly lookup docker container name when running in ECS * fail2ban: Add 'Restore Ban' action. * go_expavar: Don't check for duplicate expvars. * hddtemp: Don't use disk model as dim name. * megacli: add to python.d.conf. * nvidia_smi: handle N/A values. * postgres: Fix integer out of range error on Postgres 11, fix locks count. * proc: Don't show zero charts for ZFS filesystem. * proc; Fix cached memory calculation. * sensors: Don't ignore 0 RPM fans on start. * smartd_log: check() unhandled exception: list index out of range. * SNMP: Gracefully ignore the offset if the value is not a number Health Monitoring: * Add Prowl notifications for iOS users. * Show count of active alarms per state in email notifications. * Show evaluated expression and expression variable values in email notifications. * Improve support for slack recipients (channels/users). * Custom notifications: Fix bug with alarm role recipients. Dashboards: * Server filtering in my-netdata menu when signed in to netdata.cloud * All units are now IEC-compliant abbreviations (KiB, MiB etc.). * GUI: Make entire row clickable in the registry menu showing the list of servers. Backends: * Do not report stale metrics to prometheus. Other: * Treat DT_UNKNOWN files as regular files. * API: Stricter rules for URL separators. - Update to v1.11.1 Improved internal database: Overflown incremental values (counters) do not show a zero point at the charts. Netdata detects the width (8bit, 16bit, 32bit, 64bit) of each counter and properly calculates the delta when the counter overflows. The internal database format has been extended to support values above 64bit. New data collection plugins: * openldap, to collect performance statistics from OpenLDAP servers. * tor, to collect traffic statistics from Tor. * nvidia_smi to monitor NVIDIA GPUs. Improved data collection plugins: * BUG FIX: network interface names with colon (:) in them were incorrectly parsed and resulted in faulty data collection values. * BUG FIX: smartd_log has been refactored, has better python v2 compatibility, and now supports SCSI smart attributes * cpufreq has been re-written in C - since this module if common, we decided to convert to an internal plugin to lower the pressure on the python ones. There are a few more that will be transitioned to C in the next release. * BUG FIX: sensors got some compatibility fixes and improved handling for lm-sensors errors. Health monitoring: * BUG FIX: max network interface speed data collection was faulty, which resulted in false-positive alarms on systems with multiple interfaces using different speeds (the speed of the first network interface was used for all network interfaces). Now the interface speed is shown as a badge. * alerta.io notifications got a few improvements * BUG FIX: conntrack_max alarm has been restored (was not working due to an invalid variable name referenced) Registry (my-netdata menu): * It has been refactored a bit to reveal the URLs known for each node and now it supports deleting individual URLs. - Update to 1.11.0 * Stock config files are now in /usr/lib/netdata; use the /etc/netdata/edit-config script to copy and edit them. * The query engine of netdata has been re-written to support query plugins. We have already added the following algorithms that are available for alarm, charts and badges: + stddev, for calculating the standard deviation on any time-frame. + ses or ema or ewma, for calculating the exponential weighted moving average, or single/simple exponential smoothing on any time-frame. + des, for calculating the double exponential smoothing on any time-frame. + cv or rsd, for calculating the coefficient of variation for any time-frame. Fixed security issues: * CVE-2018-18836 Fixed JSON Header Injection (an attacker could send \n encoded in the request to inject a JSON fragment into the response). boo#1139094 * CVE-2018-18837 Fixed HTTP Header Injection (an attacker could send \n encoded in the request to inject an HTTP header into the response). boo#1139095 * CVE-2018-18838 Fixed LOG Injection (an attacker could send \n encoded in the request to inject a log line at access.log). boo#1139098 * CVE-2018-18839 Not fixed Full Path Disclosure, since these are intended (netdata reports the absolute filename of web files, alarm config files and alarm handlers). * Fixed Privilege Escalation by manipulating apps.plugin or cgroup-network error handling. * Fixed LOG injection (by sending URLs with \n in them). New data collection modules: * rethinkdbs for monitoring RethinkDB performance * proxysql for monitoring ProxySQL performance * litespeed for monitoring LiteSpeed web server performance. * uwsgi for monitoring uWSGI performance * unbound for monitoring the performance of Unbound DNS servers. * powerdns for monitoring the performance of PowerDNS servers. * dockerd for monitoring the health of dockerd * puppet for monitoring Puppet Server and Puppet DB. * logind for monitoring the number of active users. * adaptec_raid and megacli for monitoring the relevant raid controller * spigotmc for monitoring minecraft server statistics * boinc for monitoring Berkeley Open Infrastructure Network Computing clients. * w1sensor for monitoring multiple 1-Wire temperature sensors. * monit for collecting process, host, filesystem, etc checks from monit. * linux_power_supplies for monitoring Linux Power Supplies attributes Data collection orchestrators changes: * node.d.plugin does not use the js command any more. * python.d.plugin now uses monotonic clocks. There was a discrepancy in clocks used in netdata that resulted in a shift in time of python module after some time (it was missing 1 sec per day). * added MySQLService for quickly adding plugins using mysql queries. * URLService now supports self-signed certificates and supports custom client certificates. * all python.d.plugin modules that require sudo to collect metrics, are now disabled by default, to avoid security alarms on installations that do not need them. Improved data collection modules: * apps.plugin now detects changes in process file descriptors, also fixed a couple of memory leaks. Its default configuration has been enriched significantly, especially for IoT. * freeipmi.plugin now supports option ignore-status to ignore the status reported by given sensors. * statsd.plugin (for collecting custom APM metrics) + The charting thread has been optimized for lowering its CPU consumption when several millions of metrics are collected. + sets now report zeros instead of gaps when no data are collected + histograms and timers have been optimized for lowering their CPU consumption to support several thousands of such metrics are collected. + histograms had wrong sampling rate calculations. + gauges now ignore sampling rate when no sign is included in the value. + the minimum sampling rate supported is now 0.001. + netdata statsd is now drop-in replacement for datadog statsd (although statsd tags are currently ignored by netdata). * proc.plugin (Linux, system monitoring) + Unused interrupts and softirqs are not used in charts (this saves quite some processing power and memory on systems with dozens of CPU cores). + fixed /proc/net/snmp parsing of IcmpMsg lines that failed on a few systems. + Veritas Volume Manager disks are now recognized and named accordingly. + Now netdata collects TcpExtTCPReqQFullDrop and re-organizes metrics in charts to properly monitor the TCP SYN queue and the TCP Accept queue of the kernel. + Many charts that were previously reported as IPv4, were actually reflecting metrics for both IPv4 and IPv6. They have been renamed to ip.*. + netdata now monitors SCTP. + Fixed BTRFS over BCACHE sector size detection. + BCACHE data collection is now faster. + /proc/interrupts and /proc/softirqs parsing fixes. * diskspace.plugin (Linux, disk space usage monitoring) + It does not stat() excluded mount points any more (it was interfering with kerberos authenticated mount points). + several filesystems are now by default excluded from disk-space monitoring, to avoid breaking suspend on workstations. * python.d.plugin PYTHON modules (applications monitoring) + web_log module now supports virtual hosts, reports http/https metrics, support squid logs + nginx_plus module now handles non-continuous peer IDs + ipfs module is optimized, the use of its Pin API is now disabled by default and can enabled with a netdata module option (using the IPFS Pin API increases the load on the IPFS server). + fail2ban module now supports IPv6 too. + ceph module now checks permissions and properly reports issues + elasticsearch module got better error handling + nginx_plus module now uses upstream ip:port instead of transient id to identify dimensions. + redis, now it supports Pika, collects evited keys, fixes authentication issues reported and improves exception handling. + beanstalk, bug fix for yaml config loading. + mysql, the % of active connections is now monitored, query types are also charted. + varnish, now it supports versions above 5.0.0 + couchdb + phpfpm, now supports IPv6 too. + apache, now supports IPv6 too. + icecast + mongodb, added support for connect URIs + postgress + elasticsearch, now it supports versions above 6.3.0, fixed JSON parse errors + mdstat , now collects mismatch_cnt + openvpn_log * node.d.plugin NODE.JS modules + snmp was incorrectly parsing a new OID names as float. * charts.d.plugin BASH modules + nut now supports naming UPSes. Health monitoring: * Added variable $system.cpu.processors. * Added alarms for detecting abnormally high load average. * TCP SYN and TCP accept queue alarms, replacing the old softnet dropped alarm that was too generic and reported many false positives. * system alarms are now enabled on FreeBSD. * netdata now reads NIC speed and sets alarms on each interface to detect congestion. * Network alarms are now relaxed to avoid false positives. * New bcache alarms. * New mdstat alarms. * New apcupsd alarms. * New mysql alarms. * New notification methods: + rocket.chat + Microsoft Teams + syslog + fleep.io + Amazon SNS Backends: * Host tags are now sent to Graphite * Host variables are now sent to Prometheus Streaming: * Each netdata slave and proxy now filter the charts that are streamed. This allows exposing netdata masters to third parties by limiting the number of charts available at the master. * Fixed a bug in streaming slaves that randomly prevented them to resume streaming after network errors. * Fixed a bug that on slaves that sent duplicated chart names under certain conditions. * Fixed a bug that caused slaves to consume 100% CPU (due to a misplaced lock) when multiple threads were adding dimensions on the same chart. * The receiving nodes of streaming (netdata masters and proxies) can now rate-limit the rate of inbound streaming requests received. * Re-worked time synchronization between netdata slaves and masters. API: * Badges that report time, now show 'undefined' instead of 'never'. Dashboard: * Added UTC timezone to the list of available time-zones. * The dashboard was sending some non-HTTP compliant characters at the URLs that made netdata dashboards break when used under certain proxies. Moderate SUSE bug 1139094 SUSE bug 1139095 SUSE bug 1139098 CVE-2018-18836 CVE-2018-18837 CVE-2018-18838 CVE-2018-18839 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554) * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. (bsc#1179491) - New upstream LTS version 10.23.0: * deps: upgrade npm to 6.14.8 * n-api: + create N-API version 7 + expose napi_build_version variable This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1179491 SUSE bug 1180553 SUSE bug 1180554 CVE-2020-1971 CVE-2020-8265 CVE-2020-8287 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for giflib fixes the following issues: - Enable Position Independent Code and inherit CFLAGS from the build system (bsc#1184123). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1184123 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nodejs14 fixes the following issues: - New upstream LTS version 14.15.4: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554) - New upstream LTS version 14.15.3: * deps: + upgrade npm to 6.14.9 + update acorn to v8.0.4 * http2: check write not scheduled in scope destructor * stream: fix regression on duplex end - New upstream LTS version 14.15.1: * deps: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses (bsc#1178882, CVE-2020-8277) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1178882 SUSE bug 1180553 SUSE bug 1180554 CVE-2020-8265 CVE-2020-8277 CVE-2020-8287 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345). - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345). - make /usr/bin/delv in bind-tools position independent (bsc#1183453). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1183453 SUSE bug 1185345 CVE-2021-25214 CVE-2021-25215 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openexr fixes the following issues: - CVE-2021-23215: Fixed an integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers (bsc#1185216). - CVE-2021-26260: Fixed an Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers (bsc#1185217). - CVE-2021-20296: Fixed a Null Pointer dereference in Imf_2_5:hufUncompress (bsc#1184355). - CVE-2021-3477: Fixed a Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts (bsc#1184353). - CVE-2021-3479: Fixed an Out-of-memory caused by allocation of a very large buffer (bsc#1184354). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1184353 SUSE bug 1184354 SUSE bug 1184355 SUSE bug 1185216 SUSE bug 1185217 CVE-2021-20296 CVE-2021-23215 CVE-2021-26260 CVE-2021-3477 CVE-2021-3479 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ceph fixes the following issues: - ceph was updated to 15.2.11-83-g8a15f484c2: * CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074). * disk gets replaced with no rocksdb/wal (bsc#1184231). * BlueStore handles huge(>4GB) writes from RocksDB to BlueFS poorly, potentially causing data corruption (bsc#1183899). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1183074 SUSE bug 1183899 SUSE bug 1184231 CVE-2021-20288 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for alpine fixes the following issues: Update to release 2.24 * A few crash fixes * Implementation of XOAUTH2 for Yahoo! Mail. Update to release 2.23.2 * Expansion of the configuration screen for XOAUTH2 to include username, and tenant. * Alpine uses the domain in the From: header of a message to generate a message-id and suppresses all information about Alpine, version, revision, and time of generation of the message-id from this header. * Alpine does not generate Sender or X-X-Sender by default by enabling [X] Disable Sender as the default. * Alpine does not disclose User Agent by default by enabling [X] Suppress User Agent by default. * When messages are selected, pressing the ';' command to broaden or narrow a search, now offers the possibility to completely replace the search, and is almost equivalent to being a shortcut to 'unselect all messages, and select again'. Update to release 2.23 * Fixes boo#1173281, CVE-2020-14929: Alpine silently proceeds to use an insecure connection after a /tls is sent in certain circumstances. * Implementation of XOAUTH2 authentication support for Outlook. * Add support for the OAUTHBEARER authentication method in Gmail. * Support for the SASL-IR IMAP extension. * Alpine can pass an HTML message to an external web browser, by using the 'External' command in the ATTACHMENT INDEX screen. Update to release 2.22 * Support for XOAUTH2 authentication method in Gmail. * NTLM authentication support with the ntlm library. * Added the '/tls1_3' flag for servers that support it. * Add the 'g' option to the select command that works in IMAP servers that implement the X-GM-EXT-1 capability (such as the one offered by Gmail). * Added '/auth=XYZ' to the way to define a server. This allows users to select the method to authenticate to an IMAP, SMTP or POP3 server. Examples are /auth=plain, or /auth=gssapi, etc. * When a message is of type multipart/mixed, and its first part is multipart/signed, Alpine will include the text of the original message in a reply message, instead of including a multipart attachment. * Added backward search in the index screen. * pico: Add -dict option to Pico, which allows users to choose a dictionary when spelling. - Drop /usr/bin/mailutil, it is not built by default anymore. * Added Quota subcommands for printing, forwarding, saving, etc. Moderate SUSE bug 1173281 CVE-2020-14929 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for exim fixes the following issues: Exim was updated to exim-4.94.2 security update (boo#1185631) * CVE-2020-28007: Link attack in Exim's log directory * CVE-2020-28008: Assorted attacks in Exim's spool directory * CVE-2020-28014: Arbitrary PID file creation * CVE-2020-28011: Heap buffer overflow in queue_run() * CVE-2020-28010: Heap out-of-bounds write in main() * CVE-2020-28013: Heap buffer overflow in parse_fix_phrase() * CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase() * CVE-2020-28015: New-line injection into spool header file (local) * CVE-2020-28012: Missing close-on-exec flag for privileged pipe * CVE-2020-28009: Integer overflow in get_stdinput() * CVE-2020-28017: Integer overflow in receive_add_recipient() * CVE-2020-28020: Integer overflow in receive_msg() * CVE-2020-28023: Out-of-bounds read in smtp_setup_msg() * CVE-2020-28021: New-line injection into spool header file (remote) * CVE-2020-28022: Heap out-of-bounds read and write in extract_option() * CVE-2020-28026: Line truncation and injection in spool_read_header() * CVE-2020-28019: Failure to reset function pointer after BDAT error * CVE-2020-28024: Heap buffer underflow in smtp_ungetc() * CVE-2020-28018: Use-after-free in tls-openssl.c * CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash() update to exim-4.94.1 * Fix security issue in BDAT state confusion. Ensure we reset known-good where we know we need to not be reading BDAT data, as a general case fix, and move the places where we switch to BDAT mode until after various protocol state checks. Fixes CVE-2020-BDATA reported by Qualys. * Fix security issue in SMTP verb option parsing (CVE-2020-EXOPT) * Fix security issue with too many recipients on a message (to remove a known security problem if someone does set recipients_max to unlimited, or if local additions add to the recipient list). Fixes CVE-2020-RCPTL reported by Qualys. * Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase() * Fix security issue CVE-2020-PFPSN and guard against cmdline invoker providing a particularly obnoxious sender full name. * Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX better. - bring back missing exim_db.8 manual page (fixes boo#1173693) - bring in changes from current +fixes (lots of taint check fixes) * Bug 1329: Fix format of Maildir-format filenames to match other mail- related applications. Previously an 'H' was used where available info says that 'M' should be, so change to match. * Bug 2587: Fix pam expansion condition. Tainted values are commonly used as arguments, so an implementation trying to copy these into a local buffer was taking a taint-enforcement trap. Fix by using dynamically created buffers. * Bug 2586: Fix listcount expansion operator. Using tainted arguments is reasonable, eg. to count headers. Fix by using dynamically created buffers rather than a local. Do similar fixes for ACL actions 'dcc', 'log_reject_target', 'malware' and 'spam'; the arguments are expanded so could be handling tainted values. * Bug 2590: Fix -bi (newaliases). A previous code rearrangement had broken the (no-op) support for this sendmail command. Restore it to doing nothing, silently, and returning good status. - update to exim 4.94 * some transports now refuse to use tainted data in constructing their delivery location this WILL BREAK configurations which are not updated accordingly. In particular: any Transport use of $local_user which has been relying upon check_local_user far away in the Router to make it safe, should be updated to replace $local_user with $local_part_data. * Attempting to remove, in router or transport, a header name that ends with an asterisk (which is a standards-legal name) will now result in all headers named starting with the string before the asterisk being removed. - switch pretrans to use lua (fixes boo#1171877) - bring changes from current in +fixes branch (patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94) * fixes CVE-2020-12783 (boo#1171490) * Regard command-line recipients as tainted. * Bug 2489: Fix crash in the 'pam' expansion condition. * Use tainted buffers for the transport smtp context. * Bug 2493: Harden ARC verify against Outlook, which has been seen to mix the ordering of its ARC headers. This caused a crash. * Bug 2492: Use tainted memory for retry record when needed. Previously when a new record was being constructed with information from the peer, a trap was taken. * Bug 2494: Unset the default for dmarc_tld_file. * Fix an uninitialised flag in early-pipelining. Previously connections could, depending on the platform, hang at the STARTTLS response. * Bug 2498: Reset a counter used for ARC verify before handling another message on a connection. Previously if one message had ARC headers and the following one did not, a crash could result when adding an Authentication-Results: header. * Bug 2500: Rewind some of the common-coding in string handling between the Exim main code and Exim-related utities. * Fix the variables set by the gsasl authenticator. * Bug 2507: Modules: on handling a dynamic-module (lookups) open failure, only retrieve the errormessage once. * Bug 2501: Fix init call in the heimdal authenticator. Previously it adjusted the size of a major service buffer; this failed because the buffer was in use at the time. Change to a compile-time increase in the buffer size, when this authenticator is compiled into exim. - update to exim 4.93.0.4 (+fixes release) * Avoid costly startup code when not strictly needed. This reduces time for some exim process initialisations. It does mean that the logging of TLS configuration problems is only done for the daemon startup. * Early-pipelining support code is now included unless disabled in Makefile. * DKIM verification defaults no long accept sha1 hashes, to conform to RFC 8301. They can still be enabled, using the dkim_verify_hashes main option. * Support CHUNKING from an smtp transport using a transport_filter, when DKIM signing is being done. Previously a transport_filter would always disable CHUNKING, falling back to traditional DATA. * Regard command-line receipients as tainted. * Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM. * Bug 2489: Fix crash in the 'pam' expansion condition. It seems that the PAM library frees one of the arguments given to it, despite the documentation. Therefore a plain malloc must be used. * Bug 2491: Use tainted buffers for the transport smtp context. Previously on-stack buffers were used, resulting in a taint trap when DSN information copied from a received message was written into the buffer. * Bug 2493: Harden ARC verify against Outlook, whick has been seen to mix the ordering of its ARC headers. This caused a crash. * Bug 2492: Use tainted memory for retry record when needed. Previously when a new record was being constructed with information from the peer, a trap was taken. * Bug 2494: Unset the default for dmarc_tld_file. Previously a naiive installation would get error messages from DMARC verify, when it hit the nonexistent file indicated by the default. Distros wanting DMARC enabled should both provide the file and set the option. Also enforce no DMARC verification for command-line sourced messages. * Fix an uninitialised flag in early-pipelining. Previously connections could, depending on the platform, hang at the STARTTLS response. * Bug 2498: Reset a counter used for ARC verify before handling another message on a connection. Previously if one message had ARC headers and the following one did not, a crash could result when adding an Authentication-Results: header. * Bug 2500: Rewind some of the common-coding in string handling between the Exim main code and Exim-related utities. The introduction of taint tracking also did many adjustments to string handling. Since then, eximon frequently terminated with an assert failure. * When PIPELINING, synch after every hundred or so RCPT commands sent and check for 452 responses. This slightly helps the inefficieny of doing a large alias-expansion into a recipient-limited target. The max_rcpt transport option still applies (and at the current default, will override the new feature). The check is done for either cause of synch, and forces a fast-retry of all 452'd recipients using a new MAIL FROM on the same connection. The new facility is not tunable at this time. * Fix the variables set by the gsasl authenticator. Previously a pointer to library live data was being used, so the results became garbage. Make copies while it is still usable. * Logging: when the deliver_time selector ise set, include the DT= field on delivery deferred (==) and failed (**) lines (if a delivery was attemtped). Previously it was only on completion (=>) lines. * Authentication: the gsasl driver not provides the $authN variables in time for the expansion of the server_scram_iter and server_scram_salt options. spec file cleanup to make update work - add docdir to spec - update to exim 4.93 * SUPPORT_DMARC replaces EXPERIMENTAL_DMARC * DISABLE_TLS replaces SUPPORT_TLS * Bump the version for the local_scan API. * smtp transport option hosts_try_fastopen defaults to '*'. * DNSSec is requested (not required) for all queries. (This seemes to ask for trouble if your resolver is a systemd-resolved.) * Generic router option retry_use_local_part defaults to 'true' under specific pre-conditions. * Introduce a tainting mechanism for values read from untrusted sources. * Use longer file names for temporary spool files (this avoids name conflicts with spool on a shared file system). * Use dsn_from main config option (was ignored previously). - update to exim 4.92.3 * CVE-2019-16928: fix against Heap-based buffer overflow in string_vformat, remote code execution seems to be possible - update to exim 4.92.2 * CVE-2019-15846: fix against remote attackers executing arbitrary code as root via a trailing backslash - update to exim 4.92.1 * CVE-2019-13917: Fixed an issue with ${sort} expansion which could allow remote attackers to execute other programs with root privileges (boo#1142207) - spec file cleanup * fix DANE inclusion guard condition * re-enable i18n and remove misleading comment * EXPERIMENTAL_SPF is now SUPPORT_SPF * DANE is now SUPPORT_DANE - update to exim 4.92 * ${l_header:<name>} expansion * ${readsocket} now supports TLS * 'utf8_downconvert' option (if built with SUPPORT_I18N) * 'pipelining' log_selector * JSON variants for ${extract } expansion * 'noutf8' debug option * TCP Fast Open support on MacOS * CVE-2019-10149: Fixed a Remote Command Execution (boo#1136587) - add workaround patch for compile time error on missing printf format annotation (gnu_printf.patch) - update to 4.91 * DEFER rather than ERROR on redis cluster MOVED response. * Catch and remove uninitialized value warning in exiqsumm * Disallow '/' characters in queue names specified for the 'queue=' ACL modifier. This matches the restriction on the commandline. * Fix pgsql lookup for multiple result-tuples with a single column. Previously only the last row was returned. * Bug 2217: Tighten up the parsing of DKIM signature headers. * Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL. * Fix issue with continued-connections when the DNS shifts unreliably. * Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL. * The 'support for' informational output now, which built with Content Scanning support, has a line for the malware scanner interfaces compiled in. Interface can be individually included or not at build time. * The 'aveserver', 'kavdaemon' and 'mksd' interfaces are now not included by the template makefile 'src/EDITME'. The 'STREAM' support for an older ClamAV interface method is removed. * Bug 2223: Fix mysql lookup returns for the no-data case (when the number of rows affected is given instead). * The runtime Berkeley DB library version is now additionally output by 'exim -d -bV'. Previously only the compile-time version was shown. * Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating SMTP connection. * Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by routers. * Bug 2174: A timeout on connect for a callout was also erroneously seen as a timeout on read on a GnuTLS initiating connection, resulting in the initiating connection being dropped. * Relax results from ACL control request to enable cutthrough, in unsupported situations, from error to silently (except under debug) ignoring. * Fix Buffer overflow in base64d() (CVE-2018-6789) * Fix bug in DKIM verify: a buffer overflow could corrupt the malloc metadata, resulting in a crash in free(). * Fix broken Heimdal GSSAPI authenticator integration. * Bug 2113: Fix conversation closedown with the Avast malware scanner. * Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail ACL. * Speed up macro lookups during configuration file read, by skipping non- macro text after a replacement (previously it was only once per line) and by skipping builtin macros when searching for an uppercase lead character. * DANE support moved from Experimental to mainline. The Makefile control for the build is renamed. * Fix memory leak during multi-message connections using STARTTLS. * Bug 2236: When a DKIM verification result is overridden by ACL, DMARC reported the original. Fix to report (as far as possible) the ACL result replacing the original. * Fix memory leak during multi-message connections using STARTTLS under OpenSSL * Bug 2242: Fix exim_dbmbuild to permit directoryless filenames. * Fix utf8_downconvert propagation through a redirect router. * Bug 2253: For logging delivery lines under PRDR, append the overall DATA response info to the (existing) per-recipient response info for the 'C=' log element. * Bug 2251: Fix ldap lookups that return a single attribute having zero- length value. * Support Avast multiline protocol, this allows passing flags to newer versions of the scanner. * Ensure that variables possibly set during message acceptance are marked dead before release of memory in the daemon loop. * Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such as a multi-recipient message from a mailinglist manager). * The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being replaced by the ${authresults } expansion. * Bug 2257: Fix pipe transport to not use a socket-only syscall. * Set a handler for SIGTERM and call exit(3) if running as PID 1. This allows proper process termination in container environments. * Bug 2258: Fix spool_wireformat in combination with LMTP transport. Previously the 'final dot' had a newline after it; ensure it is CR,LF. * SPF: remove support for the 'spf' ACL condition outcome values 'err_temp' and 'err_perm', deprecated since 4.83 when the RFC-defined words ' temperror' and 'permerror' were introduced. * Re-introduce enforcement of no cutthrough delivery on transports having transport-filters or DKIM-signing. * Cutthrough: for a final-dot response timeout (and nonunderstood responses) in defer=pass mode supply a 450 to the initiator. Previously the message would be spooled. * DANE: add dane_require_tls_ciphers SMTP Transport option; if unset, tls_require_ciphers is used as before. * Malware Avast: Better match the Avast multiline protocol. * Fix reinitialisation of DKIM logging variable between messages. * Bug 2255: Revert the disable of the OpenSSL session caching. * Add util/renew-opendmarc-tlds.sh script for safe renewal of public suffix list. * DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form, since the IETF WG has not yet settled on that versus the original 'bare' representation. * Fix syslog logging for syslog_timestamp=no and log_selector +millisec. Previously the millisecond value corrupted the output. Fix also for syslog_pid=no and log_selector +pid, for which the pid corrupted the output. - Replace xorg-x11-devel by individual pkgconfig() buildrequires. - update to 4.90.1 * Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly during configuration. Wildcards are allowed and expanded. * Shorten the log line for daemon startup by collapsing adjacent sets of identical IP addresses on different listening ports. Will also affect 'exiwhat' output. * Tighten up the checking in isip4 (et al): dotted-quad components larger than 255 are no longer allowed. * Default openssl_options to include +no_ticket, to reduce load on peers. Disable the session-cache too, which might reduce our load. Since we currrectly use a new context for every connection, both as server and client, there is no benefit for these. * Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at <https://reproducible-builds.org/specs/source-date-epoch/>. * Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously the check for any unsuccessful recipients did not notice the limit, and erroneously found still-pending ones. * Pipeline CHUNKING command and data together, on kernels that support MSG_MORE. Only in-clear (not on TLS connections). * Avoid using a temporary file during transport using dkim. Unless a transport-filter is involved we can buffer the headers in memory for creating the signature, and read the spool data file once for the signature and again for transmission. * Enable use of sendfile in Linux builds as default. It was disabled in 4.77 as the kernel support then wasn't solid, having issues in 64bit mode. Now, it's been long enough. Add support for FreeBSD also. * Add commandline_checks_require_admin option. * Do pipelining under TLS. * For the 'sock' variant of the malware scanner interface, accept an empty cmdline element to get the documented default one. Previously it was inaccessible. * Prevent repeated use of -p/-oMr * DKIM: enforce the DNS pubkey record 'h' permitted-hashes optional field, if present. * DKIM: when a message has multiple signatures matching an identity given in dkim_verify_signers, run the dkim acl once for each. * Support IDNA2008. * The path option on a pipe transport is now expanded before use * Have the EHLO response advertise VRFY, if there is a vrfy ACL defined. - Several bug fixes - Fix for buffer overflow in base64decode() (boo#1079832 CVE-2018-6789) Critical SUSE bug 1079832 SUSE bug 1171490 SUSE bug 1171877 SUSE bug 1173693 SUSE bug 1185631 CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944 CVE-2018-6789 CVE-2019-16928 CVE-2020-12783 CVE-2020-28007 CVE-2020-28008 CVE-2020-28009 CVE-2020-28010 CVE-2020-28011 CVE-2020-28012 CVE-2020-28013 CVE-2020-28014 CVE-2020-28015 CVE-2020-28016 CVE-2020-28017 CVE-2020-28018 CVE-2020-28019 CVE-2020-28020 CVE-2020-28021 CVE-2020-28022 CVE-2020-28023 CVE-2020-28024 CVE-2020-28025 CVE-2020-28026 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for redis fixes the following issues: redis 6.0.13 * CVE-2021-29477: Integer overflow in STRALGO LCS command (boo#1185729) * CVE-2021-29478: Integer overflow in COPY command for large intsets (boo#1185730) * Cluster: Skip unnecessary check which may prevent failure detection * Fix performance regression in BRPOP on Redis 6.0 * Fix edge-case when a module client is unblocked redis 6.0.12: * Fix compilation error on non-glibc systems if jemalloc is not used redis 6.0.11: * CVE-2021-21309: Avoid 32-bit overflows when proto-max-bulk-len is set high (boo#1182657) * Fix handling of threaded IO and CLIENT PAUSE (failover), could lead to data loss or a crash * Fix the selection of a random element from large hash tables * Fix broken protocol in client tracking tracking-redir-broken message * XINFO able to access expired keys on a replica * Fix broken protocol in redis-benchmark when used with -a or --dbnum * Avoid assertions (on older kernels) when testing arm64 CoW bug * CONFIG REWRITE should honor umask settings * Fix firstkey,lastkey,step in COMMAND command for some commands * RM_ZsetRem: Delete key if empty, the bug could leave empty zset keys redis 6.0.10: Command behavior changes: * SWAPDB invalidates WATCHed keys (#8239) * SORT command behaves differently when used on a writable replica (#8283) * EXISTS should not alter LRU (#8016) In Redis 5.0 and 6.0 it would have touched the LRU/LFU of the key. * OBJECT should not reveal logically expired keys (#8016) Will now behave the same TYPE or any other non-DEBUG command. * GEORADIUS[BYMEMBER] can fail with -OOM if Redis is over the memory limit (#8107) Other behavior changes: * Sentinel: Fix missing updates to the config file after SENTINEL SET command (#8229) * CONFIG REWRITE is atomic and safer, but requires write access to the config file's folder (#7824, #8051) This change was already present in 6.0.9, but was missing from the release notes. Bug fixes with compatibility implications (bugs introduced in Redis 6.0): * Fix RDB CRC64 checksum on big-endian systems (#8270) If you're using big-endian please consider the compatibility implications with RESTORE, replication and persistence. * Fix wrong order of key/value in Lua's map response (#8266) If your scripts use redis.setresp() or return a map (new in Redis 6.0), please consider the implications. Bug fixes: * Fix an issue where a forked process deletes the parent's pidfile (#8231) * Fix crashes when enabling io-threads-do-reads (#8230) * Fix a crash in redis-cli after executing cluster backup (#8267) * Handle output buffer limits for module blocked clients (#8141) Could result in a module sending reply to a blocked client to go beyond the limit. * Fix setproctitle related crashes. (#8150, #8088) Caused various crashes on startup, mainly on Apple M1 chips or under instrumentation. * Backup/restore cluster mode keys to slots map for repl-diskless-load=swapdb (#8108) In cluster mode with repl-diskless-load, when loading failed, slot map wouldn't have been restored. * Fix oom-score-adj-values range, and bug when used in config file (#8046) Enabling setting this in the config file in a line after enabling it, would have been buggy. * Reset average ttl when empty databases (#8106) Just causing misleading metric in INFO * Disable rehash when Redis has child process (#8007) This could have caused excessive CoW during BGSAVE, replication or AOFRW. * Further improved ACL algorithm for picking categories (#7966) Output of ACL GETUSER is now more similar to the one provided by ACL SETUSER. * Fix bug with module GIL being released prematurely (#8061) Could in theory (and rarely) cause multi-threaded modules to corrupt memory. * Reduce effect of client tracking causing feedback loop in key eviction (#8100) * Fix cluster access to unaligned memory (SIGBUS on old ARM) (#7958) * Fix saving of strings larger than 2GB into RDB files (#8306) Additional improvements: * Avoid wasteful transient memory allocation in certain cases (#8286, #5954) Platform / toolchain support related improvements: * Fix crash log registers output on ARM. (#8020) * Add a check for an ARM64 Linux kernel bug (#8224) Due to the potential severity of this issue, Redis will print log warning on startup. * Raspberry build fix. (#8095) New configuration options: * oom-score-adj-values config can now take absolute values (besides relative ones) (#8046) Module related fixes: * Moved RMAPI_FUNC_SUPPORTED so that it's usable (#8037) * Improve timer accuracy (#7987) * Allow '\0' inside of result of RM_CreateStringPrintf (#6260) redis 6.0.9: * potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc. Does not affect the openSUSE package - boo#1178205 * Memory reporting of clients argv * Add redis-cli control on raw format line delimiter * Add redis-cli support for rediss:// -u prefix * WATCH no longer ignores keys which have expired for MULTI/EXEC * Correct OBJECT ENCODING response for stream type * Allow blocked XREAD on a cluster replica * TLS: Do not require CA config if not used * multiple bug fixes * Additions to modules API redis 6.0.8 (jsc#PM-1615, jsc#PM-1622, jsc#PM-1681, jsc#ECO-2417, jsc#ECO-2867, jsc#PM-1547, jsc#CAPS-56, jsc#SLE-11578, jsc#SLE-12821): * bug fixes when using with Sentinel * bug fixes when using CONFIG REWRITE * Remove THP warning when set to madvise * Allow EXEC with read commands on readonly replica in cluster * Add masters/replicas options to redis-cli --cluster call command - includes changes from 6.0.7: * CONFIG SET could hung the client when arrives during RDB/ROF loading * LPOS command when RANK is greater than matches responded with broken protocol * Add oom-score-adj configuration option to control Linux OOM killer * Show IO threads statistics and status in INFO output * Add optional tls verification mode (see tls-auth-clients) redis 6.0.6: * Fix crash when enabling CLIENT TRACKING with prefix * EXEC always fails with EXECABORT and multi-state is cleared * RESTORE ABSTTL won't store expired keys into the db * redis-cli better handling of non-pritable key names * TLS: Ignore client cert when tls-auth-clients off * Tracking: fix invalidation message on flush * Notify systemd on Sentinel startup * Fix crash on a misuse of STRALGO * Few fixes in module API * Fix a few rare leaks (STRALGO error misuse, Sentinel) * Fix a possible invalid access in defrag of scripts * Add LPOS command to search in a list * Use user+pass for MIGRATE in redis-cli and redis-benchmark in cluster mode * redis-cli support TLS for --pipe, --rdb and --replica options * TLS: Session caching configuration support redis 6.0.5: * Fix handling of speical chars in ACL LOAD * Make Redis Cluster more robust about operation errors that may lead to two clusters to mix together * Revert the sendfile() implementation of RDB transfer * Fix TLS certificate loading for chained certificates * Fix AOF rewirting of KEEPTTL SET option * Fix MULTI/EXEC behavior during -BUSY script errors Important SUSE bug 1178205 SUSE bug 1182657 SUSE bug 1185729 SUSE bug 1185730 CVE-2021-21309 CVE-2021-29477 CVE-2021-29478 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for p7zip fixes the following issues: - CVE-2021-3465: Fixed a NULL pointer dereference in NCompress:CCopyCoder:Code (bsc#1184699) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1184699 CVE-2021-3465 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for syncthing fixes the following issues: Update to 1.15.0/1.15.1 * This release fixes a vulnerability where Syncthing and the relay server can crash due to malformed relay protocol messages (CVE-2021-21404); see GHSA-x462-89pf-6r5h. (boo#1184428) * This release updates the CLI to use subcommands and adds the subcommands cli (previously standalone stcli utility) and decrypt (for offline verifying and decrypting encrypted folders). * With this release we invite everyone to test the 'untrusted (encrypted) devices' feature. You should not use it yet on important production data. Thus UI controls are hidden behind a feature flag. For more information, visit: https://forum.syncthing.net/t/testing-untrusted-encrypted-devices/16470 Update to 1.14.0 * This release adds configurable device and folder defaults. * The output format of the /rest/db/browse endpoint has changed. update to 1.13.1: * This release adds configuration options for min/max connections (see https://docs.syncthing.net/advanced/option-connection-limits.html) and moves the storage of pending devices/folders from the config to the database (see https://docs.syncthing.net/dev/rest.html#cluster-endpoints). * Bugfixes * Official builds of v1.13.0 come with the Tech Ui, which is impossible to switch back from update to 1.12.1: * Invalid names are allowed and 'auto accepted' in folder root path on Windows * Sometimes indexes for some folders aren't sent after starting Syncthing * [Untrusted] Remove Unexpected Items leaves things behind * Wrong theme on selection * Quic spamming address resolving * Deleted locally changed items still shown as locally changed * Allow specifying remote expected web UI port which would generate a href somewhere * Ignore fsync errors when saving ignore files Update to 1.12.0 - The 1.12.0 release - adds a new config REST API. - The 1.11.0 release - adds the sendFullIndexOnUpgrade option to control whether all index data is resent when an upgrade is detected, equivalent to starting Syncthing with --reset-deltas. This (sendFullIndexOnUpgrade=true) used to be the behavior in previous versions, but is mainly useful as a troubleshooting step and causes high database churn. The new default is false. - Update to 1.10.0 - This release adds the config option announceLANAddresses to enable (the default) or disable announcing private (RFC1918) LAN IP addresses to global discovery. - Update to 1.9.0 - This release adds the advanced folder option caseSensitiveFS (https://docs.syncthing.net/advanced/folder-caseSensitiveFS.html) to disable the new safe handling of case insensitive filesystems. - Fix Leap build by requiring at least Go 1.14 - Prevent the build system to download Go modules which would require an internet connection during the build - Update to 1.8.0 - The 1.8.0 release - adds the experimental copyRangeMethod config on folders, for use on filesystems with copy-on-write support. Please see https://docs.syncthing.net/advanced/folder-copyrangemethod.html for details. - adds TCP hole punching, used to establish high performance TCP connections in certain NAT scenarios where only relay or QUIC connections could be used previously. - adds a configuration to file versioning for how often to run cleanup. This defaults to once an hour, but is configurable from very frequently to never. - The 1.7.0 release performs a database migration to optimize for clusters with many devices. - The 1.6.0 release performs a database schema migration, and adds the BlockPullOrder, DisableFsync and MaxConcurrentWrites folder options to the configuration schema. The LocalChangeDetected event no longer has the action set to added for new files, instead showing modified for all local file changes. - The 1.5.0 release changes the default location for the index database under some circumstances. Two new flags can also be used to affect the location of the configuration (-config) and database (-data) separately. The old -home flag is equivalent to setting both of these to the same directory. When no flags are given the following logic is used to determine the data location: If a database exists in the old default location, that location is still used. This means existing installations are not affected by this change. If $XDG_DATA_HOME is set, use $XDG_DATA_HOME/syncthing. If ~/.local/share/syncthing exists, use that location. Use the old default location. - Update to 1.4.2: - Bugfixes: - #6499: panic: nil pointer dereference in usage reporting - Other issues: - revert a change to the upgrade code that puts unnecessary load on the upgrade server - Update to 1.4.1: - Bugfixes: - #6289: 'general SOCKS server failure' since syncthing 1.3.3 - #6365: Connection errors not shown in GUI - #6415: Loop in database migration 'folder db index missing' after upgrade to v1.4.0 - #6422: 'fatal error: runtime: out of memory' during database migration on QNAP NAS - Enhancements: - #5380: gui: Display folder/device name in modal - #5979: UNIX socket permission bits - #6384: Do auto upgrades early and synchronously on startup - Other issues: - #6249: Remove unnecessary RAM/CPU stats from GUI - Update to 1.4.0: - Important changes: - New config option maxConcurrentIncomingRequestKiB - Replace config option maxConcurrentScans with maxFolderConcurrency - Improve database schema - Bugfixes: - #4774: Doesn't react to Ctrl-C when run in a subshell with -no-restart (Linux) - #5952: panic: Should never get a deleted file as needed when we don't have it - #6281: Progress emitter uses 100% CPU - #6300: lib/ignore: panic: runtime error: index out of range [0] with length 0 - #6304: Syncing issues, database missing sequence entries - #6335: Crash or hard shutdown can case database inconsistency, out of sync - Enhancements: - #5786: Consider always running the monitor process - #5898: Database performance: reduce duplication - #5914: Limit folder concurrency to improve performance - #6302: Avoid thundering herd issue by global request limiter - Change the Go build requirement to a more flexible 'golang(API) >= 1.12'. Moderate SUSE bug 1184428 CVE-2021-21404 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for vlc fixes the following issues: Update to version 3.0.13: + Demux: - Adaptive: fix artefacts in HLS streams with wrong profiles/levels - Fix regression on some MP4 files for the audio track - Fix MPGA and ADTS probing in TS files - Fix Flac inside AVI files - Fix VP9/Webm artefacts when seeking + Codec: - Support SSA text scaling - Fix rotation on Android rotation - Fix WebVTT subtitles that start at 00:00 + Access: - Update libnfs to support NFSv4 - Improve SMB2 integration - Fix Blu-ray files using Unicode names on Windows - Disable mcast lookups on Android for RTSP playback + Video Output: Rework the D3D11 rendering wait, to fix choppiness on display + Interfaces: - Fix VLC getting stuck on close on X11 (#21875) - Improve RTL on preferences on macOS - Add mousewheel horizontal axis control - Fix crash on exit on macOS - Fix sizing of the fullscreen controls on macOS + Misc: - Improve MIDI fonts search on Linux - Update Soundcloud, Youtube, liveleak - Fix compilation with GCC11 - Fix input-slave option for subtitles + Updated translations. Update to version 3.0.12: + Access: Add new RIST access module compliant with simple profile (VSF_TR-06-1). + Access Output: Add new RIST access output module compliant with simple profile (VSF_TR-06-1). + Demux: Fixed adaptive's handling of resolution settings. + Audio output: Fix audio distortion on macOS during start of playback. + Video Output: Direct3D11: Fix some potential crashes when using video filters. + Misc: - Several fixes in the web interface, including privacy and security improvements - Update YouTube and Vocaroo scripts. + Updated translations. Moderate SUSE bug 1181918 CVE-2020-26664 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1184521 CVE-2021-3468 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for monitoring-plugins-smart fixes the following issues: monitoring-plugins-smart was updated to 6.9.1: This is a security-release (boo#1183057) + Fixes the regular expression for pseudo-devices under the /dev/bus/N path. from 6.9.0 + Allows using PCI device paths as device name(s) (#64) + Introduce new optional parameter -l/--ssd-lifetime) which additionally checks SMART attribute 'Percent_Lifetime_Remain' (available on some SSD drives). (#66 #67) from 6.8.0 + Allow skip self-assessment check (--skip-self-assessment) + Add Command_Timeout to default raw list from 6.7.1 + Bugfix to make --warn work (issue #54) from 6.7.0 + Added support for NVMe drives from 6.6.1 + Fix 'deprecation warning on regex with curly brackets' (6.6.1) from 6.6.0 + The feature was requested in #30 . This PR adds the possibility to use 3ware,N and cciss,N drives in combination with the global -g parameter. + Furthermore this PR adjusts the output of the plugin when the -g is used in combination with hardware raid controllers. Instead of showing the logical device name (/dev/sda for example), the plugin will now show the controller with drive number from 6.5.0: + Add Reported_Uncorrect and Reallocated_Event_Count to default raw list. + As of 6.5 the following SMART attributes are by default checked and may result in alert when threshold (default 0 is reached): 'Current_Pending_Sector,Reallocated_Sector_Ct,Program_Fail_Cnt_Total, Uncorrectable_Error_Cnt,Offline_Uncorrectable,Runtime_Bad_Block, Reported_Uncorrect,Reallocated_Event_Count' - Update to version 6.4 - Allow detection of more than 26 devices / issue #5 (rev 5.3) - Different ATA vs. SCSI lookup (rev 5.4) - Allow script to run outside of nagios plugins dir / wiki url update (rev 5.5) - Change syntax of -g parameter (regex is now awaited from input) (rev 5.6) - Fix Use of uninitialized value $device (rev 5.7) - Allow multiple devices for interface type megaraid, e.g. 'megaraid,[1-5]' (rev 5.8) - allow type 'auto' (rev 5.9) - Check selftest log for errors using new parameter -s (rev 5.10) - Add exclude list (-e) to ignore certain attributes (5.11) - Fix 'Use of uninitialized value' warnings (5.11.1) - Add raw check list (-r) and warning thresholds (-w) (6.0) - Allow using pseudo bus device /dev/bus/N (6.1) - Add device model and serial number in output (6.2) - Allow exclusion from perfdata as well (-E) and by attribute number (6.3) - Remove dependency on utils.pm, add quiet parameter (6.4) - Drop not longer needed patch: * enable_auto_interface.patch (obsolete, type auto was added upstream in v5.9). Important SUSE bug 1183057 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for perl-Image-ExifTool fixes the following issues: Update to version 12.25 fixes (boo#1185547 CVE-2021-22204) * JPEG XL support is now official * Added read support for Medical Research Council (MRC) image files * Added ability to write a number of 3gp tags in video files * Added a new Sony PictureProfile value (thanks Jos Roost) * Added a new Sony LensType (thanks LibRaw) * Added a new Nikon LensID (thanks Niels Kristian Bech Jensen) * Added a new Canon LensType * Decode more GPS information from Blackvue dashcam videos * Decode a couple of new NikonSettings tags (thanks Warren Hatch) * Decode a few new RIFF tags * Improved Validate option to add minor warning if standard XMP is missing xpacket wrapper * Avoid decoding some large arrays in DNG images to improve performance unless the -m option is used * Patched bug that could give runtime warning when trying to write an empty XMP structure * Fixed decoding of ImageWidth/Height for JPEG XL images * Fixed problem were Microsoft Xtra tags couldn't be deleted version 12.24: * Added a new PhaseOne RawFormat value (thanks LibRaw) * Decode a new Sony tag (thanks Jos Roost) * Decode a few new Panasonic and FujiFilm tags (thanks LibRaw and Greybeard) * Patched security vulnerability in DjVu reader * Updated acdsee.config in distribution (thanks StarGeek) * Recognize AutoCAD DXF files * More work on experimental JUMBF read support * More work on experimental JPEG XL read/write support version 12.23: * Added support for Olympus ORI files * Added experimental read/write support for JPEG XL images * Added experimental read support for JUMBF metadata in JPEG and Jpeg2000 images * Added built-in support for parsing GPS track from Denver ACG-8050 videos with the -ee option * Added a some new Sony lenses (thanks Jos Roost and LibRaw) * Changed priority of Samsung trailer tags so the first DepthMapImage takes precedence when -a is not used * Improved identification of M4A audio files * Patched to avoid escaping ',' in 'Binary data' message when -struct is used * Removed Unknown flag from MXF VideoCodingSchemeID tag * Fixed -forcewrite=EXIF to apply to EXIF in binary header of EPS files * API Changes: + Added BlockExtract option version 12.22: * Added a few new Sony LensTypes and a new SonyModelID (thanks Jos Roost and LibRaw) * Added Extra BaseName tag * Added a new CanonModelID (thanks LibRaw) * Decode timed GPS from unlisted programs in M2TS videos with the -ee3 option * Decode more Sony rtmd tags * Decode some tags for the Sony ILME-FX3 (thanks Jos Roost) * Allow negative values to be written to XMP-aux:LensID * Recognize HEVC video program in M2TS files * Enhanced -b option so --b suppresses tags with binary data * Improved flexibility when writing GPS coordinates: + Now pulls latitude and longitude from a combined GPSCoordinates string + Recognizes the full word 'South' and 'West' to write negative coordinates * Improved warning when trying to write an integer QuickTime date/time tag and Time::Local is not available * Convert GPSSpeed from mph to km/h in timed GPS from Garmin MP4 videos version 12.21: * Added a few new iOS QuickTime tags * Decode a couple more Sony rtmd tags * Patch to avoid possible 'Use of uninitialized value' warning when attempting to write QuickTime date/time tags with an invalid value * Fixed problem writing Microsoft Xtra tags * Fixed Windows daylight savings time patch for file times that was broken in 12.19 (however directory times will not yet handle DST properly) version 12.20: * Added ability to write some Microsoft Xtra tags in MOV/MP4 videos * Added two new Canon LensType values (thanks Norbert Wasser) * Added a new Nikon LensID * Fixed problem reading FITS comments that start before column 11 version 12.19: * Added -list_dir option * Added the 'ls-l' Shortcut tag * Extract Comment and History from FITS files * Enhanced FilePermissions to include device type (similar to 'ls -l') * Changed the name of Apple ContentIdentifier tag to MediaGroupUUID (thanks Neal Krawetz) * Fixed a potential 'substr outside of string' runtime error when reading corrupted EXIF * Fixed edge case where NikonScanIFD may not be copied properly when copying MakerNotes to another file * API Changes: + Added ability to read/write System tags of directories + Enhanced GetAllGroups() to support family 7 and take optional ExifTool reference + Changed QuickTimeHandler option default to 1 version 12.18: * Added a new SonyModelID * Decode a number of Sony tags for the ILCE-1 (thanks Jos Roost) * Decode a couple of new Canon tags (thanks LibRaw) * Patched to read differently formatted UserData:Keywords as written by iPhone * Patched to tolerate out-of-order Nikon MakerNote IFD entries when obtaining tags necessary for decryption * Fixed a few possible Condition warnings for some NikonSettings tags version 12.17: * Added a new Canon FocusMode value * Added a new FujiFilm FilmMode value * Added a number of new XMP-crs tags (thanks Herb) * Decode a new H264 MDPM tag * Allow non-conforming lower-case XMP boolean 'true' and 'false' values to be written, but only when print conversion is disabled * Improved Validate option to warn about non-capitalized boolean XMP values * Improved logic for setting GPSLatitude/LongitudeRef values when writing * Changed -json and -php options so the -a option is implied even without the -g option * Avoid extracting audio/video data from AVI videos when -ee -u is used * Patched decoding of Canon ContinuousShootingSpeed for newer firmware versions of the EOS-1DXmkIII * Re-worked LensID patch of version 12.00 (github issue #51) * Fixed a few typos in newly-added NikonSettings tags (thanks Herb) * Fixed problem where group could not be specified for PNG-pHYs tags when writing version 12.16: * Extract another form of video subtitle text * Enhanced -ee option with -ee2 and -ee3 to allow parsing of the H264 video stream in MP4 files * Changed a Nikon FlashMode value * Fixed problem that caused a failed DPX test on Strawberry Perl * API Changes: + Enhanced ExtractEmbedded option version 12.15: * Added a couple of new Sony LensType values (thanks LibRaw and Jos Roost) * Added a new Nikon FlashMode value (thanks Mike) * Decode NikonSettings (thanks Warren Hatch) * Decode thermal information from DJI RJPEG images * Fixed extra newline in -echo3 and -echo4 outputs added in version 12.10 * Fixed out-of-memory problem when writing some very large PNG files under Windows version 12.14: * Added support for 2 more types of timed GPS in video files (that makes 49 different formats now supported) * Added validity check for PDF trailer dictionary Size * Added a new Pentax LensType * Extract metadata from Jpeg2000 Association box * Changed -g:XX:YY and -G:XX:YY options to show empty strings for non-existent groups * Patched to issue warning and avoid writing date/time values with a zero month or day number * Patched to avoid runtime warnings if trying to set FileName to an empty string * Fixed issue that could cause GPS test number 12 to fail on some systems * Fixed problem extracting XML as a block from Jpeg2000 images, and extract XML tags in the XML group instead of XMP - Update URL update to 12.13: * Add time zone automatically to most string-based QuickTime date/time tags when writing unless the PrintConv option is disabled * Added -i HIDDEN option to ignore files with names that start with '.' * Added a few new Nikon ShutterMode values (thanks Jan Skoda) * Added ability to write Google GCamera MicroVideo XMP tags * Decode a new Sony tag (thanks LibRaw) * Changed behaviour when writing only pseudo tags to return an error and avoid writing any other tags if writing FileName fails * Print 'X image files read' message even if only 1 file is read when at least one other file has failed the -if condition * Added ability to geotag from DJI CSV log files * Added a new CanonModelID * Added a couple of new Sony LensType values (thanks LibRaw) * Enhanced -csvDelim option to allow '\t', '\n', '\r' and '\\' * Unescape '\b' and '\f' in imported JSON values * Fixed bug introduced in 12.10 which generated a 'Not an integer' warning when attempting to shift some QuickTime date/time tags * Fixed shared-write permission problem with -@ argfile when using -stay_open and a filename containing special characters on Windows * Added -csvDelim option * Added new Canon and Olympus LensType values (thanks LibRaw) * Added a warning if ICC_Profile is deleted from an image (github issue #63) * EndDir() function for -if option now works when -fileOrder is used * Changed FileSize conversion to use binary prefixes since that is how the conversion is currently done (eg. MiB instead of MB) * Patched -csv option so columns aren't resorted when using -G option and one of the tags is missing from a file * Fixed incompatiblity with Google Photos when writing UserData:GPSCoordinates to MP4 videos * Fixed problem where the tags available in a -p format string were limited to the same as the -if[NUM] option when NUM was specified * Fixed incorrect decoding of SourceFileIndex/SourceDirectoryIndex for Ricoh models Update to 12.10 * Added -validate test for proper TIFF magic number in JPEG EXIF header * Added support for Nikon Z7 LensData version 0801 * Added a new XMP-GPano tag * Decode ColorData for the Canon EOS 1DXmkIII * Decode more tags for the Sony ILCE-7SM3 * Automatically apply QuickTimeUTC option for CR3 files * Improved decoding of XAttrMDLabel from MacOS files * Ignore time zones when writing date/time values and using the -d option * Enhanced -echo3 and -echo4 options to allow exit status to be returned * Changed -execute so the -q option no longer suppresses the '{ready}' message when a synchronization number is used * Added ability to copy CanonMakerNotes from CR3 images to other file types * Added read support for ON1 presets file (.ONP) * Added two new CanonModelID values * Added trailing '/' when writing QuickTime:GPSCoordinates * Added a number of new XMP-crs tags * Added a new Sony LensType (thanks Jos Roost) * Added a new Nikon Z lens (thanks LibRaw) * Added a new Canon LensType * Decode ColorData for Canon EOS R5/R6 * Decode a couple of new HEIF tags * Decode FirmwareVersion for Canon M50 * Improved decoding of Sony CreativeStyle tags * Improved parsing of Radiance files to recognize comments * Renamed GIF AspectRatio tag to PixelAspectRatio * Patched EndDir() feature so subdirectories are always processed when -r is used (previously, EndDir() would end processing of a directory completely) * Avoid loading GoPro module unnecessarily when reading MP4 videos from some other cameras * Fixed problem with an incorrect naming of CodecID tags in some MKV videos * Fixed verbose output to avoid 'adding' messages for existing flattened XMP tags * Added a new Sony LensType * Recognize Mac OS X xattr files * Extract ThumbnailImage from MP4 videos of more dashcam models * Improved decoding of a number of Sony tags * Fixed problem where the special -if EndDir() function didn't work properly for directories after the one in which it was initially called * Patched to read DLL files which don't have a .rsrc section * Patched to support new IGC date format when geotagging * Patched to read DLL files with an invalid size in the header * Added support for GoPro .360 videos * Added some new Canon RF and Nikkor Z lenses * Added some new Sony LensType and CreativeStyle values and decode some ILCE-7C tags * Added a number of new Olympus SceneMode values * Added a new Nikon LensID * Decode more timed metadata from Insta360 videos * Decode timed GPS from videos of more Garmin dashcam models * Decode a new GoPro video tag * Reformat time-only EventTime values when writing and prevent arbitrary strings from being written * Patched to accept backslashes in SourceFile entries for -csv option update to 12.06 * Added read support for Lyrics3 metadata (and fixed problem where APE metadata may be ignored if Lyrics3 exists) * Added a new Panasonic VideoBurstMode value * Added a new Olympus MultipleExposureMode value * Added a new Nikon LensID * Added back conversions for XMP-dwc EventTime that were removed in 12.04 with a patch to allow time-only values * Decode GIF AspectRatio * Decode Olympus FocusBracketStepSize * Extract PNG iDOT chunk in Binary format with the name AppleDataOffsets * Process PNG images which do not start with mandatory IHDR chunk * Added a new Panasonic SelfTimer value * Decode a few more DPX tags * Extract AIFF APPL tag as ApplicationData * Fixed bug writing QuickTime ItemList 'gnre' Genre values * Fixed an incorrect value for Panasonic VideoBurstResolution * Fixed problem when applying a time shift to some invalid makernote date/time values update to 12.04: * See /usr/share/doc/packages/perl-Image-ExifTool/Change update to 11.50, see Image-ExifTool-11.50.tar.gz for details Update to version 11.30: * Add a new Sony/Minolta LensType. * Decode streaming metadata from TomTom Bandit Action Cam MP4 videos. * Decode Reconyx HF2 PRO maker notes. * Decode ColorData for some new Canon models. * Enhanced -geotag feature to set AmbientTemperature if available. * Remove non-significant spaces from some DICOM values. * Fix possible ''x' outside of string' error when reading corrupted EXIF. * Fix incorrect write group for GeoTIFF tags. Update to version 11.29 * See /usr/share/doc/packages/perl-Image-ExifTool/Changes Update to version 11.27 * See /usr/share/doc/packages/perl-Image-ExifTool/Changes Update to version 11.24 * See /usr/share/doc/packages/perl-Image-ExifTool/Changes Update to version 11.11 (changes since 11.01): * See /usr/share/doc/packages/perl-Image-ExifTool/Changes Update to 11.01: * Added a new ProfileCMMType * Added a Validate warning about non-standard EXIF or XMP in PNG images * Added a new Canon LensType * Decode a couple more PanasonicRaw tags * Patched to avoid adding tags to QuickTime videos with multiple 'mdat' atoms --> avoids potential corruption of these videos! Update to 11.00: * Added read support for WTV and DVR-MS videos * Added print conversions for some ASF date/time tags * Added a new SonyModelID * Decode a new PanasonicRaw tag * Decode some new Sony RX100 VI tags * Made Padding and OffsetSchema tags 'unsafe' so they aren't copied by default Important SUSE bug 1185547 CVE-2021-22204 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: Update to version 76.0.4017.94 - released on the stable branch Update to version 76.0.4017.88 - CHR-8404 Update chromium on desktop-stable-90-4017 to 90.0.4430.85 - DNA-92219 Add bookmark API supports to the front-end - DNA-92409 [MAC] ‘Present now’ options windows appear behind detached window - DNA-92615 Capture tab from the tab context menu - DNA-92616 Capture tab from Snapshot - DNA-92617 Capture tab from image context menu - DNA-92652 Opera 76 translations - DNA-92680 Make image selector on any page work like bookmarks popup WP2 - DNA-92707 Crash at void base::ObserverList::AddObserver(class content::PrerenderHost::Observer*) - DNA-92710 Autoupdate on macOS 11.3 not working - DNA-92711 Make image selector on any page work like bookmarks popup WP3 - DNA-92730 Make image selector on any page work like bookmarks popup WP4 - DNA-92761 Make image selector on any page work like bookmarks popup WP5 - DNA-92776 Make image selector on any page work like bookmarks popup WP6 - DNA-92862 Make “View pinboards” button work - DNA-92906 Provide in-house translations for Cashback strings to Spanish - DNA-92908 API collides with oneclick installer - The update to chromium 90.0.4430.85 fixes following issues: - CVE-2021-21222, CVE-2021-21223, CVE-2021-21224, CVE-2021-21225, CVE-2021-21226 - Complete Opera 76.0 changelog at: https://blogs.opera.com/desktop/changelog-for-76/ Update to version 75.0.3969.218 - CHR-8393 Update chromium on desktop-stable-89-3969 to 89.0.4389.128 - DNA-92113 Windows debug fails to compile opera_components/ipfs/ipfs/ipfs_url_loader_throttle.obj - DNA-92198 [Arm] Update signing scripts - DNA-92200 [Arm] Create universal packages from two buildsets - DNA-92338 [Search tabs] The preview isn’t updated when the tab from another window is closed - DNA-92410 [Download popup] Selected item still looks bad in dark mode - DNA-92441 Compilation error - DNA-92514 Allow to generate universal DMG package from existing universal .tar.xz - DNA-92608 Opera 75 crash during rapid workspace switching - DNA-92627 Crash at automation::Error::code() - DNA-92630 Crash at opera::PremiumExtensionPersistentPrefStorageImpl::IsPremiumExtensionFeatureEnabled() - DNA-92648 Amazon icon disappears from Sidebar Extensions section after pressing Hide Amazon button - DNA-92681 Add missing string in Japanese - DNA-92684 Fix issues with signing multiple bsids - DNA-92706 Update repack generation from universal packages - DNA-92725 Enable IPFS for all channels - The update to chromium 89.0.4389.128 fixes following issues: CVE-2021-21206, CVE-2021-21220 Important CVE-2021-21206 CVE-2021-21220 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nagios fixes the following issues: - new nagios-exec-start-post script to fix boo#1003362 - fix nagios_upgrade.sh writing to log file in user controlled directory (boo#1182398). The nagios_upgrade.sh script writes the logfile directly below /var/log/ nagios was updated to 4.4.6: * Fixed Map display in Internet Explorer 11 (#714) * Fixed duplicate properties appearing in statusjson.cgi (#718) * Fixed NERD not building when enabled in ./configure (#723) * Fixed build process when using GCC 10 (#721) * Fixed postauth vulnerabilities in histogram.js, map.js, trends.js (CVE-2020-13977, boo#1172794) * When using systemd, configuration will be verified before reloading (#715) * Fixed HARD OK states triggering on the maximum check attempt (#757) * Fix for CVE-2016-6209 (boo#989759) - The 'corewindow' parameter (as in bringing this to our attention go to Dawid Golunski (boo#1014637) Important SUSE bug 1003362 SUSE bug 1014637 SUSE bug 1172794 SUSE bug 1182398 SUSE bug 989759 CVE-2016-6209 CVE-2020-13977 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-29650: The netfilter subsystem allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf (bnc#1184208). - CVE-2021-29155: kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942). The following non-security bugs were fixed: - ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes). - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes). - ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes). - ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes). - ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes). - Input: i8042 - fix Pegatron C15B ID entry (git-fixes). - Input: nspire-keypad - enable interrupts only when opened (git-fixes). - Input: s6sy761 - fix coordinate read bit shift (git-fixes). - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489). - Move upstreamed i915 fix into sorted section - PCI/AER: Add RCEC AER error injection support (bsc#1174426). - PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426). - PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426). - PCI/AER: Specify the type of Port that was reset (bsc#1174426). - PCI/AER: Use 'aer' variable for capability offset (bsc#1174426). - PCI/AER: Write AER Capability only when we control it (bsc#1174426). - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426). - PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426). - PCI/ERR: Avoid negated conditional for clarity (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426). - PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426). - PCI/ERR: Clear AER status only when we control AER (bsc#1174426). - PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426). - PCI/ERR: Clear status of the reporting device (bsc#1174426). - PCI/ERR: Recover from RCEC AER errors (bsc#1174426). - PCI/ERR: Recover from RCiEP AER errors (bsc#1174426). - PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426). - PCI/ERR: Retain status from error notification (bsc#1174426). - PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426). - PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426). - PCI/ERR: Use 'bridge' for clarity in pcie_do_recovery() (bsc#1174426). - PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426). - PCI/portdrv: Report reset for frozen channel (bsc#1174426). - PCI: designware-ep: Fix the Header Type check (git-fixes). - PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes). - PCI: tegra: Move 'dbi' accesses to post common DWC initialization (git-fixes). - PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes). - Revert 'USB: cdc-acm: fix rounding error in TIOCSSERIAL' (git-fixes). - Revert 'bcache: Kill btree_io_wq' (git-fixes). - Revert 'dm cache: fix arm link errors with inline' (git-fixes). - USB: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - USB: CDC-ACM: fix poison/unpoison imbalance (git-fixes). - USB: cdc-acm: fix TIOCGSERIAL implementation (git-fixes). - USB: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes). - USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - USB: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: f81232: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: f81534: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: fix return value for unsupported ioctls (git-fixes). - USB: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: opticon: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes). - USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - USB: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes). - arm: dts: add imx7d pcf2127 fix to blacklist - ata: libahci_platform: fix IRQ check (git-fixes). - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - blkcg: fix memleak for iolatency (git-fixes). - block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - block: rsxx: select CONFIG_CRC32 (git-fixes). - bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - bsg: free the request before return error code (git-fixes). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - bus: qcom: Put child node before return (git-fixes). - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes). - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes). - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - clk: uniphier: Fix potential infinite loop (git-fixes). - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes). - coresight: etm4x: Fix issues on trcseqevr access (git-fixes). - coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes). - coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes). - cpufreq: Kconfig: fix documentation links (git-fixes). - cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes). - cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes). - cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes). - cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes). - crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes). - crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes). - dm era: Fix bitset memory leaks (git-fixes). - dm era: Recover committed writeset after crash (git-fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes). - dm era: Update in-core bitset after committing the metadata (git-fixes). - dm era: Use correct value size in equality function of writeset tree (git-fixes). - dm era: Verify the data block size hasn't changed (git-fixes). - dm era: only resize metadata in preresume (git-fixes). - dm integrity: fix error reporting in bitmap mode after creation (git-fixes). - dm ioctl: fix error return code in target_message (git-fixes). - dm mpath: fix racey management of PG initialization (git-fixes). - dm raid: fix discard limits for raid1 (git-fixes). - dm writecache: fix the maximum number of arguments (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git-fixes). - dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes). - dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes). - dpaa_eth: Use random MAC address when none is given (bsc#1184811). - dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - dpaa_eth: update the buffer layout for non-A050385 erratum scenarios (git-fixes). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes). - drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes). - drm/msm: Fix a5xx/a6xx timestamps (git-fixes). - drm/omap: fix misleading indentation in pixinc() (git-fixes). - drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes). - drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes). - e1000e: Fix duplicate include guard (git-fixes). - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes). - e1000e: add rtnl_lock() to e1000_reset_task (git-fixes). - enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes). - enetc: Workaround for MDIO register access issue (git-fixes). - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes). - ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730). - ext4: find old entry again if failed to rename whiteout (bsc#1184742). - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - ext4: fix potential htree index checksum corruption (bsc#1184728). - firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes). - fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851). - fotg210-udc: Complete OUT requests on short packets (git-fixes). - fotg210-udc: Do not DMA more than the buffer can take (git-fixes). - fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes). - fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes). - fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes). - fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes). - fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741). - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811). - fsl/fman: tolerate missing MAC address in device tree (bsc#1184811). - gpio: omap: Save and restore sysconfig (git-fixes). - gpio: sysfs: Obey valid_mask (git-fixes). - i2c: cadence: add IRQ check (git-fixes). - i2c: emev2: add IRQ check (git-fixes). - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: jz4780: add IRQ check (git-fixes). - i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: sh7760: fix IRQ error path (git-fixes). - i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i40e: Add zero-initialization of AQ command structures (git-fixes). - i40e: Added Asym_Pause to supported link modes (git-fixes). - i40e: Fix add TC filter for IPv6 (git-fixes). - i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes). - i40e: Fix display statistics for veb_tc (git-fixes). - i40e: Fix endianness conversions (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix kernel oops when i40e driver removes VF's (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - i40e: Fix sparse warning: missing error code 'err' (git-fixes). - i40e: fix the panic when running bpf in xdpdrv mode (git-fixes). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - ice: Cleanup fltr list in case of allocation issues (git-fixes). - ice: Fix for dereference of NULL pointer (git-fixes). - ice: Increase control queue timeout (git-fixes). - ice: prevent ice_open and ice_stop during reset (git-fixes). - igb: Fix duplicate include guard (git-fixes). - igb: check timestamp validity (git-fixes). - igc: Fix Pause Frame Advertising (git-fixes). - igc: Fix Supported Pause Frame Link Setting (git-fixes). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - interconnect: core: fix error return code of icc_link_destroy() (git-fixes). - iopoll: introduce read_poll_timeout macro (git-fixes). - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233). - irqchip: Add support for Layerscape external interrupt lines (bsc#1185233). - isofs: release buffer head before return (bsc#1182613). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes). - jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740). - kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426). - kABI: cover up change in struct kvm_arch (bsc#1184969). - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269). - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269). - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes). - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes). - liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes). - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041). - mac80211: bail out if cipher schemes are invalid (git-fixes). - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes). - macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes). - media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes). - media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes). - media: mantis: remove orphan mantis_core.c (git-fixes). - media: omap4iss: return error code when omap4iss_get() failed (git-fixes). - media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes). - media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes). - media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes). - media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes). - media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes). - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes). - memory: pl353: fix mask of ECC page_size config register (git-fixes). - mfd: lpc_sch: Partially revert 'Add support for Intel Quark X1000' (git-fixes). - mfd: stm32-timers: Avoid clearing auto reload register (git-fixes). - misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes). - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606). - mmc: core: Correct descriptions in mmc_of_parse() (git-fixes). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes). - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes). - mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes). - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes). - mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes). - mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes). - mt7601u: fix always true expression (git-fixes). - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes). - mtd: rawnand: atmel: Update ecc_stats.corrected counter (git-fixes). - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes). - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes). - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes). - mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes). - mtd: require write permissions for locking and badblock ioctls (git-fixes). - mtd: spi-nor: Rename 'n25q512a' to 'mt25qu512a (n25q512a)' (bsc#1167260). - mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260). - mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes). - nbd: fix a block_device refcount leak in nbd_release (git-fixes). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - net/mlx4_en: update moderation when config reset (git-fixes). - net/mlx5: Do not request more than supported EQs (git-fixes). - net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes). - net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes). - net/mlx5e: Fix ethtool indication of connector type (git-fixes). - net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464). - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes). - net: atlantic: fix out of range usage of active_vlans array (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes). - net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes). - net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes). - net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes). - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes). - net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes). - net: hns3: clear VF down state bit before request link status (git-fixes). - net: hns3: fix bug when calculating the TCAM table info (git-fixes). - net: hns3: fix query vlan mask value error for flow director (git-fixes). - net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes). - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes). - net: ll_temac: Fix race condition causing TX hang (git-fixes). - net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). - net: phy: marvell: fix m88e1011_set_downshift (git-fixes). - net: phy: marvell: fix m88e1111_set_downshift (git-fixes). - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes). - net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes). - nfc: pn533: prevent potential memory corruption (git-fixes). - nfp: flower: ignore duplicate merge hints from FW (git-fixes). - node: fix device cleanups in error handling code (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - nvme-fabrics: reject I/O to offline device (bsc#1181161). - nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999). - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161). - nvme: add 'kato' sysfs attribute (bsc#1179825). - nvme: sanitize KATO setting (bsc#1179825). - ocfs2: fix a use after free on error (bsc#1184738). - pata_arasan_cf: fix IRQ check (git-fixes). - pata_ipx4xx_cf: fix IRQ check (git-fixes). - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes). - pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes). - pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes). - pinctrl: lewisburg: Update number of pins in community (git-fixes). - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes). - powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). - powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395). - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637). - powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969). - powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969). - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - powerpc/time: Enable sched clock for irqtime (bsc#1156395). - regmap: set debugfs_name to NULL after it is freed (git-fixes). - regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes). - reintroduce cqhci_suspend for kABI (git-fixes). - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - rsi: Use resume_noirq for SDIO (git-fixes). - rsxx: remove extraneous 'const' qualifier (git-fixes). - rtc: ds1307: Fix wday settings for rx8130 (git-fixes). - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454). - rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454). - rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454). - rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454). - rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454). - rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454). - rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454). - rtc: pcf2127: add alarm support (bsc#1185233). - rtc: pcf2127: add pca2129 device id (bsc#1185233). - rtc: pcf2127: add tamper detection support (bsc#1185233). - rtc: pcf2127: add watchdog feature support (bsc#1185233). - rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233). - rtc: pcf2127: cleanup register and bit defines (bsc#1185233). - rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233). - rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233). - rtc: pcf2127: fix alarm handling (bsc#1185233). - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233). - rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233). - rtc: pcf2127: let the core handle rtc range (bsc#1185233). - rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233). - rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233). - rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233). - rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233). - rtc: pcf2127: set regmap max_register (bsc#1185233). - rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233). - rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes). - rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes). - sata_mv: add IRQ checks (git-fixes). - scsi: block: Fix a race in the runtime power management code (git-fixes). - scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851). - scsi: core: add scsi_host_busy_iter() (bsc#1179851). - scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436). - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460). - selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460). - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460). - selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460). - selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460). - selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460). - selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460). - series.conf: cleanup - series.conf: cleanup - series.conf: cleanup - soc: aspeed: fix a ternary sign expansion bug (git-fixes). - soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes). - soc: qcom: mdt_loader: Validate that p_filesz &lt; p_memsz (git-fixes). - soundwire: bus: Fix device found flag correctly (git-fixes). - soundwire: stream: fix memory leak in stream config error path (git-fixes). - spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260). - spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260). - spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260). - spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes). - spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260). - spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260). - spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260). - spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260). - spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260). - spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260). - spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260). - spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260). - spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Fix code alignment (bsc#1167260). - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260). - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260). - spi: spi-fsl-dspi: Fix typos (bsc#1167260). - spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260). - spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260). - spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260). - spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260). - spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260). - spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260). - spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260). - spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260). - spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260). - spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260). - spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260). - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260). - spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260). - spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260). - spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260). - spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260). - spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260). - spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260). - spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260). - spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260). - spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260). - spi: spi-fsl-dspi: fix native data copy (bsc#1167260). - spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260 - spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260). - spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260). - spi: spi-ti-qspi: Free DMA resources (git-fixes). - staging: fwserial: fix TIOCGSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes). - staging: fwserial: fix TIOCSSERIAL permission check (git-fixes). - staging: rtl8192u: Fix potential infinite loop (git-fixes). - thermal/drivers/cpufreq_cooling: Update cpufreq_state only if state has changed (git-fixes). - usb: Remove dev_err() usage after platform_get_irq() (git-fixes). - usb: dwc2: Fix hibernation between host and device modes (git-fixes). - usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes). - usb: dwc2: Fix session request interrupt handler (git-fixes). - usb: dwc3: Switch to use device_property_count_u32() (git-fixes). - usb: dwc3: Update soft-reset wait polling rate (git-fixes). - usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes). - usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: gadget: Fix double free of device descriptor pointers (git-fixes). - usb: gadget: aspeed: fix dma map failure (git-fixes). - usb: gadget: pch_udc: Check for DMA mapping error (git-fixes). - usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes). - usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes). - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes). - usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes). - usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes). - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes). - usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes). - usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes). - veth: Store queue_mapping independently of XDP prog presence (git-fixes). - vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes). - virt_wifi: Return micros for BSS TSF values (git-fixes). - vxlan: move debug check after netdev unregister (git-fixes). - workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893). - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489). - x86/insn: Add some Intel instructions to the opcode map (bsc#1184760). - x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760). - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489). - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489). - x86/platform/uv: Set section block size for hubless architectures (bsc#1152489). - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489). Important SUSE bug 1043990 SUSE bug 1055117 SUSE bug 1065729 SUSE bug 1152457 SUSE bug 1152489 SUSE bug 1156395 SUSE bug 1167260 SUSE bug 1168838 SUSE bug 1174416 SUSE bug 1174426 SUSE bug 1178089 SUSE bug 1179243 SUSE bug 1179825 SUSE bug 1179851 SUSE bug 1180846 SUSE bug 1181161 SUSE bug 1182613 SUSE bug 1182999 SUSE bug 1183063 SUSE bug 1183203 SUSE bug 1183289 SUSE bug 1184208 SUSE bug 1184209 SUSE bug 1184436 SUSE bug 1184514 SUSE bug 1184650 SUSE bug 1184724 SUSE bug 1184728 SUSE bug 1184730 SUSE bug 1184731 SUSE bug 1184736 SUSE bug 1184737 SUSE bug 1184738 SUSE bug 1184740 SUSE bug 1184741 SUSE bug 1184742 SUSE bug 1184760 SUSE bug 1184811 SUSE bug 1184893 SUSE bug 1184934 SUSE bug 1184942 SUSE bug 1184957 SUSE bug 1184969 SUSE bug 1184984 SUSE bug 1185041 SUSE bug 1185113 SUSE bug 1185233 SUSE bug 1185244 SUSE bug 1185269 SUSE bug 1185365 SUSE bug 1185454 SUSE bug 1185472 SUSE bug 1185491 SUSE bug 1185549 SUSE bug 1185586 SUSE bug 1185587 SUSE bug 1185606 CVE-2021-29155 CVE-2021-29650 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.11+9 (April 2021 CPU) * CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055) * CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder (bsc#1185056) - moved mozilla-nss dependency to java-11-openjdk-headless package, this is necessary to be able to do crypto with just java-11-openjdk-headless installed (bsc#1184606). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1184606 SUSE bug 1185055 SUSE bug 1185056 CVE-2021-2161 CVE-2021-2163 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for virtualbox fixes the following issues: virtualbox was updated to 6.1.22 (released April 29 2021 by Oracle) This is a maintenance release. The following items were fixed and/or added: - VMM: Improved performance of 64-bit Windows and Solaris guests when Hyper-V is used on recent Windows 10 hosts - VMM: Fixed frequent crashes of 64-bit Windows Vista and Server 2003 guests when Hyper-V is used - GUI: Fixed regression where user was not able to save unset default shortcuts (bug #20305) - Storage: Fixed regression in LsiLogic SAS controller emulation caused VM crash (bug #20323) - Linux Guest Additions: Fixed issue when it was not possible to run executables from mounted share (bug #20320) - Fixes for CVE-2021-2145 CVE-2021-2250 CVE-2021-2264 CVE-2021-2266 CVE-2021-2279 CVE-2021-2280 CVE-2021-2281 CVE-2021-2282 CVE-2021-2283 CVE-2021-2284 CVE-2021-2285 CVE-2021-2286 CVE-2021-2287 CVE-2021-2291 CVE-2021-2296 CVE-2021-2297 CVE-2021-2306 CVE-2021-2309 CVE-2021-2310 CVE-2021-2312 - Version bump to (released April 20 2021 by Oracle) File 'virtualbox-kmp-files-leap' is deleted. - Use distconfdir for xinitrc.d files on TW - Improve autostart security boo#1182918. Important SUSE bug 1182918 CVE-2021-2145 CVE-2021-2250 CVE-2021-2264 CVE-2021-2266 CVE-2021-2279 CVE-2021-2280 CVE-2021-2281 CVE-2021-2282 CVE-2021-2283 CVE-2021-2284 CVE-2021-2285 CVE-2021-2286 CVE-2021-2287 CVE-2021-2291 CVE-2021-2296 CVE-2021-2297 CVE-2021-2306 CVE-2021-2309 CVE-2021-2310 CVE-2021-2312 CVE-2021-25319 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for drbd-utils fixes the following issues: - make all binaries in position independent (bsc#1185132). This update was imported from the SUSE:SLE-15-SP2:Update update project. Low SUSE bug 1185132 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for prosody fixes the following issues: prosody was updated to 0.11.9: Security: * mod_limits, prosody.cfg.lua: Enable rate limits by default * certmanager: Disable renegotiation by default * mod_proxy65: Restrict access to local c2s connections by default * util.startup: Set more aggressive defaults for GC * mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits * mod_authinternal{plain,hashed}: Use constant-time string comparison for secrets * mod_dialback: Remove dialback-without-dialback feature * mod_dialback: Use constant-time comparison with hmac Minor changes: * util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp) * mod_c2s: Don’t throw errors in async code when connections are gone * mod_c2s: Fix traceback in session close when conn is nil * core.certmanager: Improve detection of LuaSec/OpenSSL capabilities * mod_saslauth: Use a defined SASL error * MUC: Add support for advertising muc#roomconfig_allowinvites in room disco#info * mod_saslauth: Don’t throw errors in async code when connections are gone * mod_pep: Advertise base pubsub feature (fixes #1632: mod_pep missing pubsub feature in disco) * prosodyctl check config: Add ‘gc’ to list of global options * prosodyctl about: Report libexpat version if known * util.xmppstream: Add API to dynamically configure the stanza size limit for a stream * util.set: Add is_set() to test if an object is a set * mod_http: Skip IP resolution in non-proxied case * mod_c2s: Log about missing conn on async state changes * util.xmppstream: Reduce internal default xmppstream limit to 1MB Relevant: https://prosody.im/security/advisory_20210512 * boo#1186027: Prosody XMPP server advisory 2021-05-12 * CVE-2021-32919 * CVE-2021-32917 * CVE-2021-32917 * CVE-2021-32920 * CVE-2021-32918 Update to 0.11.8: Security: * mod_saslauth: Disable ‘tls-unique’ channel binding with TLS 1.3 (#1542) Fixes and improvements: * net.websocket.frames: Improve websocket masking performance by using the new util.strbitop * util.strbitop: Library for efficient bitwise operations on strings Minor changes: * MUC: Correctly advertise whether the subject can be changed (#1155) * MUC: Preserve disco ‘node’ attribute (or lack thereof) in responses (#1595) * MUC: Fix logic bug causing unnecessary presence to be sent (#1615) * mod_bosh: Fix error if client tries to connect to component (#425) * mod_bosh: Pick out the ‘wait’ before checking it instead of earlier * mod_pep: Advertise base PubSub feature (#1632) * mod_pubsub: Fix notification stanza type setting (#1605) * mod_s2s: Prevent keepalives before client has established a stream * net.adns: Fix bug that sent empty DNS packets (#1619) * net.http.server: Don’t send Content-Length on 1xx/204 responses (#1596) * net.websocket.frames: Fix length calculation bug (#1598) * util.dbuffer: Make length API in line with Lua strings * util.dbuffer: Optimize substring operations * util.debug: Fix locals being reported under wrong stack frame in some cases * util.dependencies: Fix check for Lua bitwise operations library (#1594) * util.interpolation: Fix combination of filters and fallback values #1623 * util.promise: Preserve tracebacks * util.stanza: Reject ASCII control characters (#1606) * timers: Ensure timers can’t block other processing (#1620) Update to 0.11.7: Security: * mod_websocket: Enforce size limits on received frames (fixes #1593) Fixes and improvements: * mod_c2s, mod_s2s: Make stanza size limits configurable * Add configuration options to control Lua garbage collection parameters * net.http: Backport SNI support for outgoing HTTP requests (#409) * mod_websocket: Process all data in the buffer on close frame and connection errors (fixes #1474, #1234) * util.indexedbheap: Fix heap data structure corruption, causing some timers to fail after a reschedule (fixes #1572) Update to 0.11.6: Fixes and improvements: * mod_storage_internal: Fix error in time limited queries on items without ‘when’ field, fixes #1557 * mod_carbons: Fix handling of incoming MUC PMs #1540 * mod_csi_simple: Consider XEP-0353: Jingle Message Initiation important * mod_http_files: Avoid using inode in etag, fixes #1498: Fail to download file on FreeBSD * mod_admin_telnet: Create a DNS resolver per console session (fixes #1492: Telnet console DNS commands reduced usefulness) * core.certmanager: Move EECDH ciphers before EDH in default cipherstring (fixes #1513) * mod_s2s: Escape invalid XML in loggin (same way as mod_c2s) (fixes #1574: Invalid XML input on s2s connection is logged unescaped) * mod_muc: Allow control over the server-admins-are-room-owners feature (see #1174) * mod_muc_mam: Remove spoofed archive IDs before archiving (fixes #1552: MUC MAM may strip its own archive id) * mod_muc_mam: Fix stanza id filter event name, fixes #1546: mod_muc_mam does not strip spoofed stanza ids * mod_muc_mam: Fix missing advertising of XEP-0359, fixes #1547: mod_muc_mam does not advertise stanza-id Minor changes: * net.http API: Add request:cancel() method * net.http API: Fix traceback on invalid URL passed to request() * MUC: Persist affiliation_data in new MUC format * mod_websocket: Fire event on session creation (thanks Aaron van Meerten) * MUC: Always include ‘affiliation’/‘role’ attributes, defaulting to ‘none’ if nil * mod_tls: Log when certificates are (re)loaded * mod_vcard4: Report correct error condition (fixes #1521: mod_vcard4 reports wrong error) * net.http: Re-expose destroy_request() function (fixes unintentional API breakage) * net.http.server: Strip port from Host header in IPv6 friendly way (fix #1302) * util.prosodyctl: Tell prosody do daemonize via command line flag (fixes #1514) * SASL: Apply saslprep where necessary, fixes #1560: Login fails if password contains special chars * net.http.server: Fix reporting of missing Host header * util.datamanager API: Fix iterating over “users” (thanks marc0s) * net.resolvers.basic: Default conn_type to ‘tcp’ consistently if unspecified (thanks marc0s) * mod_storage_sql: Fix check for deletion limits (fixes #1494) * mod_admin_telnet: Handle unavailable cipher info (fixes #1510: mod_admin_telnet backtrace) * Log warning when using prosodyctl start/stop/restart * core.certmanager: Look for privkey.pem to go with fullchain.pem (fixes #1526) * mod_storage_sql: Add index covering sort_id to improve performance (fixes #1505) * mod_mam,mod_muc_mam: Allow other work to be performed during archive cleanup (fixes #1504) * mod_muc_mam: Don’t strip MUC tags, fix #1567: MUC tags stripped by mod_muc_mam * mod_pubsub, mod_pep: Ensure correct number of children of (fixes #1496) * mod_register_ibr: Add FORM_TYPE as required by XEP-0077 (fixes #1511) * mod_muc_mam: Fix traceback saving message from non-occupant (fixes #1497) * util.startup: Remove duplicated initialization of logging (fix #1527: startup: Logging initialized twice) Important SUSE bug 1186027 CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: Update to version 76.0.4017.107 - CHR-8413 Update chromium on desktop-stable-90-4017 to 90.0.4430.93 - DNA-90168 Display SD suggestions titles - DNA-92693 ‘Re-attach tab’ overlay is not resized with window - DNA-92926 [Mac][Cashback] “Close Tab” menu item not greyed out for Cashback corner - DNA-92934 Report crashes from opera://crashes and Tooltip to new Atlassian - DNA-92980 Enable tutorials flag on all streams - The update to chromium 90.0.4430.93 fixes following issues: CVE-2021-21227, CVE-2021-21232, CVE-2021-21233, CVE-2021-21228, CVE-2021-21229, CVE-2021-21230, CVE-2021-21231 Important CVE-2021-21227 CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231 CVE-2021-21232 CVE-2021-21233 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openvpn fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication (bsc#1185279). - CVE-2020-11810: Fixed race condition between allocating peer-id and initializing data channel key (bsc#1169925). - CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface (bsc#1085803). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1085803 SUSE bug 1169925 SUSE bug 1185279 CVE-2018-7544 CVE-2020-11810 CVE-2020-15078 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium 90.0.4430.212 (boo#1185908) * CVE-2021-30506: Incorrect security UI in Web App Installs * CVE-2021-30507: Inappropriate implementation in Offline * CVE-2021-30508: Heap buffer overflow in Media Feeds * CVE-2021-30509: Out of bounds write in Tab Strip * CVE-2021-30510: Race in Aura * CVE-2021-30511: Out of bounds read in Tab Group * CVE-2021-30512: Use after free in Notifications * CVE-2021-30513: Type Confusion in V8 * CVE-2021-30514: Use after free in Autofill * CVE-2021-30515: Use after free in File API * CVE-2021-30516: Heap buffer overflow in History * CVE-2021-30517: Type Confusion in V8 * CVE-2021-30518: Heap buffer overflow in Reader Mode * CVE-2021-30519: Use after free in Payments * CVE-2021-30520: Use after free in Tab Strip - FTP support disabled at runtime by default since release 88. Chromium 91 will remove support for ftp altogether (boo#1185496) Important SUSE bug 1185496 SUSE bug 1185716 SUSE bug 1185908 CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for jhead fixes the following issues: jhead was updated to 3.06.0.1 * lot of fuzztest fixes * Apply a whole bunch of patches from Debian. * Spell check and fuzz test stuff from Debian, nothing useful to human users. * Add option to set exif date from date from another file. * Bug fixes relating to fuzz testing. * Fix bug where thumbnail replacement DID NOT WORK. * Fix bug when no orientation tag is present * Fix bug of not clearing exif information when processing images with an without exif data in one invocation. * Remove some unnecessary warnings with some types of GPS data * Remove multiple copies of the same type of section when deleting section types Moderate SUSE bug 1144316 SUSE bug 1144354 SUSE bug 1160544 SUSE bug 1160547 CVE-2016-3822 CVE-2018-16554 CVE-2018-17088 CVE-2018-6612 CVE-2019-1010301 CVE-2019-1010302 CVE-2020-6624 CVE-2020-6625 CVE-2021-3496 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ipvsadm fixes the following issues: - Hardening: link as position independent executable (bsc#1184988). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1184988 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for dtc fixes the following issues: - make all packaged binaries PIE-executables (bsc#1184122). This update was imported from the SUSE:SLE-15-SP2:Update update project. Low SUSE bug 1184122 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ibsim fixes the following issues: - Hardening: link as position independent executable (bsc#1184123). This update was imported from the SUSE:SLE-15-SP2:Update update project. Low SUSE bug 1184123 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for cacti, cacti-spine fixes the following issues: cacti-spine was updated to 1.2.17: * Avoid triggering DDos detection in firewalls on large systems * Use mysql reconnect option properly * Fix possible creashes in various operations * Fix remote data collectors pushing too much data to main when performing diagnostics * Make spine more responsive when remote connection is down * Fix various MySQL issues * Make spine immune to DST changes cacti-spine 1.2.16: * Some developer debug log messages falsely labeled as WARNINGS * Remove the need of the dos2unix program * Fix Spine experiencing MySQL socket error 2002 under load * Under heavy load MySQL/MariaDB return 2006 and 2013 errors on query * Add backtrace output to stderr for signals * Add Data Source turnaround time to debug output cacti-spine 1.2.15: * Special characters may not always be ignored properly cacti was updated to 1.2.17: * Fix incorrect handling of fields led to potential XSS issues * CVE-2020-35701: Fix SQL Injection vulnerability (boo#1180804) * Fix various XSS issues with HTML Forms handling * Fix handling of Daylight Saving Time changes * Multiple fixes and extensions to plugins * Fix multiple display, export, and input validation issues * SNMPv3 Password field was not correctly limited * Improved regular expression handling for searcu * Improved support for RRDproxy * Improved behavior on large systems * MariaDB/MysQL: Support persistent connections and improve multiple operations and options * Add Theme 'Midwinter' * Modify automation to test for data before creating graphs * Add hooks for plugins to show customize graph source and customize template url * Allow CSRF security key to be refreshed at command line * Allow remote pollers statistics to be cleared * Allow user to be automatically logged out after admin defined period * When replicating, ensure Cacti can detect and verify replica servers Important SUSE bug 1180804 CVE-2020-35701 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for graphviz fixes the following issues: - CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833). This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1185833 CVE-2020-18032 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170). - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485). - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167). - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168). - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198). - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ). - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ). - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596). - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022). - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715). - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716). - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696). - CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454). - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775). - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686). - CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ). - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256). - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512). - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194). The following non-security bugs were fixed: - 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)). - 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)). - 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)). - ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes). - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes). - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383). - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes). - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes). - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes). - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes). - ALSA: aloop: Fix initialization of controls (git-fixes). - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes). - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes). - ALSA: hda: generic: Fix the micmute led init state (git-fixes). - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes). - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes). - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes). - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes). - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes). - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552). - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552). - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes). - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552). - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552). - ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552). - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552). - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552). - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552). - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes). - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552). - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes). - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes). - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes). - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862). - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes). - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes). - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes). - ASoC: cs42l42: Fix channel width support (git-fixes). - ASoC: cs42l42: Fix mixer volume control (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes). - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes). - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes). - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes). - ASoC: simple-card-utils: Do not handle device clock (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes). - atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295). - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295). - blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295). - block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295). - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes). - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518). - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217). - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224). - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218). - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220). - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes). - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes). - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes). - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - certs: Fix blacklist flag type confusion (git-fixes). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check pointer before freeing (bsc#1183534). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - completion: Drop init_completion define (git-fixes). - configfs: fix a use-after-free in __configfs_open_file (git-fixes). - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595 - crypto: aesni - prevent misaligned buffers on the stack (git-fixes). - crypto: arm64/sha - add missing module aliases (git-fixes). - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes). - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes). - crypto: tcrypt - avoid signed overflow in byte count (git-fixes). - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes). - drm/amdgpu: Add check to prevent IH overflow (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes). - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes - drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay * context changes - drm/compat: Clear bounce structures (git-fixes). - drm/hisilicon: Fix use-after-free (git-fixes). - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes). - drm/mediatek: Fix aal size config (bsc#1152489) - drm: meson_drv add shutdown function (git-fixes). - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes). - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) - drm/nouveau/kms: handle mDP connectors (git-fixes). - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) - drm/panfrost: Fix job timeout handling (bsc#1152472) - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472) - drm/radeon: fix AGP dependency (git-fixes). - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes). - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes). - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) - efi: use 32-bit alignment for efi_guid_t literals (git-fixes). - enetc: Fix reporting of h/w packet counters (git-fixes). - epoll: check for events when removing a timed out thread from the wait queue (git-fixes). - ethernet: alx: fix order of calls on resume (git-fixes). - exec: Move would_dump into flush_old_exec (git-fixes). - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989). - exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989). - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes). - extcon: Fix error handling in extcon_dev_register (git-fixes). - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes). - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix bad inode (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - fuse: verify write return (git-fixes). - gcc-plugins: drop support for GCC &lt;= 4.7 (bcs#1181862). - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862). - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862). - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes). - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes). - gianfar: Handle error code at MAC address change (git-fixes). - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes). - Goodix Fingerprint device is not a modem (git-fixes). - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes). - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes). - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes). - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes). - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes). - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes). - i2c: rcar: faster irq code to minimize HW race condition (git-fixes). - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - iavf: use generic power management (git-fixes). - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139). - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844). - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139). - ibmvnic: fix block comments (bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1183871 ltc#192139). - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139). - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139). - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139). - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139). - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791). - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791). - ice: fix memory leak if register_netdev_fails (git-fixes). - ice: fix memory leak in ice_vsi_setup (git-fixes). - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - ice: renegotiate link after FW DCB on (jsc#SLE-8464). - ice: report correct max number of TCs (jsc#SLE-7926). - ice: update the number of available RSS queues (jsc#SLE-7926). - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes). - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes). - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). - include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes). - Input: applespi - do not wait for responses to commands indefinitely (git-fixes). - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes). - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes). - Input: raydium_ts_i2c - do not send zero length (git-fixes). - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278). - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637). - iommu/vt-d: Add get_domain_info() helper (bsc#1183279). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286). - ionic: linearize tso skb with too many frags (bsc#1167773). - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862). - kbuild: change *FLAGS_&lt;basetarget>.o to take the path relative to $(obj) (bcs#1181862). - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862). - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862). - kbuild: Fail if gold linker is detected (bcs#1181862). - kbuild: improve cc-option to clean up all temporary files (bsc#1178330). - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862). - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862). - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862). - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330). - kconfig: introduce m32-flag and m64-flag (bcs#1181862). - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427). - KVM: SVM: Clear the CR4 register on reset (bsc#1183252). - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). - KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287). - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447). - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369). - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288). - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518). - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518). - libbpf: Fix INSTALL flag order (bsc#1155518). - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518). - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295). - mac80211: choose first enabled channel for monitor (git-fixes). - mac80211: fix double free in ibss_leave (git-fixes). - mac80211: fix rate mask reset (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - mdio: fix mdio-thunder.c dependency & build error (git-fixes). - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes). - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes). - media: mceusb: Fix potential out-of-bounds shift (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - media: rc: compile rc-cec.c into rc-core (git-fixes). - media: usbtv: Fix deadlock on suspend (git-fixes). - media: uvcvideo: Allow entities with no pads (git-fixes). - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes). - media: v4l: vsp1: Fix bru null pointer access (git-fixes). - media: v4l: vsp1: Fix uif null pointer access (git-fixes). - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes). - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes). - misc/pvpanic: Export module FDT device table (git-fixes). - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes). - mISDN: fix crash in fritzpci (git-fixes). - mmc: core: Fix partition switch time for eMMC (git-fixes). - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes). - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes). - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777). - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes). - mt76: dma: do not report truncated frames to mac80211 (git-fixes). - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353). - net: cdc-phonet: fix data-interface release on probe failure (git-fixes). - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139). - netdevsim: init u64 stats for 32bit hardware (git-fixes). - net: dsa: rtl8366: Fix VLAN semantics (git-fixes). - net: dsa: rtl8366: Fix VLAN set-up (git-fixes). - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes). - net: enic: Cure the enic api locking trainwreck (git-fixes). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139). - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix reference count leak in fec series ops (git-fixes). - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes). - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes). - net: gianfar: Add of_node_put() before goto statement (git-fixes). - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). - net: hns3: Remove the left over redundant check & assignment (bsc#1154353). - net: korina: cast KSEG0 address to pointer in kfree (git-fixes). - net: korina: fix kfree of rx/tx descriptor array (git-fixes). - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). - net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464). - net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464). - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). - net: mvneta: fix double free of txq->buf (git-fixes). - net: mvneta: make tx buffer array agnostic (git-fixes). - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes). - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - netsec: restore phy power state after controller reset (bsc#1183757). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes). - net: stmmac: removed enabling eee in EEE set callback (git-fixes). - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes). - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes). - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes). - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes). - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes). - net: wan/lmc: unregister device when no matching device is found (git-fixes). - nfp: flower: fix pre_tun mask id allocation (bsc#1154353). - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077). - nvme-fabrics: fix kato initialization (bsc#1182591). - nvme-fabrics: only reserve a single tag (bsc#1182077). - nvme-fc: fix racing controller reset and create association (bsc#1183048). - nvme-hwmon: Return error code when registration fails (bsc#1177326). - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077). - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197). - nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501). - objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514). - objtool: Fix error handling for STD/CLD warnings (bsc#1169514). - objtool: Fix retpoline detection in asm code (bsc#1169514). - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176). - ovl: fix out of date comment and unreachable code (bsc#1184176). - ovl: fix regression with re-formatted lower squashfs (bsc#1184176). - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176). - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176). - ovl: initialize error in ovl_copy_xattr (bsc#1184176). - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176). - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). - PCI: Align checking of syscall user config accessors (git-fixes). - PCI: Decline to resize resources if boot config must be preserved (git-fixes). - PCI: Fix pci_register_io_range() memory leak (git-fixes). - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes). - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes). - PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes). - pinctrl: rockchip: fix restore error in resume (git-fixes). - Platform: OLPC: Fix probe error handling (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes). - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes). - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes). - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes). - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes). - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes). - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes). - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes). - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes). - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - powerpc/sstep: Fix darn emulation (bsc#1156395). - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395). - powerpc/sstep: Fix load-store and update emulation (bsc#1156395). - printk: fix deadlock when kernel panic (bsc#1183018). - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes). - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - qxl: Fix uninitialised struct field head.surface_id (git-fixes). - random: fix the RNDRESEEDCRNG ioctl (git-fixes). - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449). - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449). - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes). - Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353). - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079). - rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream. - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12. - rpm/check-for-config-changes: comment on the list To explain what it actually is. - rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended. - rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list - rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans. - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally. - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes). - rsi: Move card interrupt handling to RX thread (git-fixes). - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). - s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes). - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). - s390/qeth: fix notification for pending buffers during teardown (git-fixes). - s390/qeth: improve completion of pending TX buffers (git-fixes). - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes). - s390/vtime: fix increased steal time accounting (bsc#1183859). - samples, bpf: Add missing munmap in xdpsock (bsc#1155518). - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231). - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). - scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574). - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). - scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574). - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574). - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574). - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843). - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843). - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518). - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518). - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518). - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes). - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes). - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). - software node: Fix node registration (git-fixes). - spi: stm32: make spurious and overrun interrupts visible (git-fixes). - squashfs: fix inode lookup sanity checks (bsc#1183750). - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750). - stop_machine: mark helpers __always_inline (git-fixes). - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes). - Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598) - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: cdc-acm: fix double free on probe failure (git-fixes). - USB: cdc-acm: fix use-after-free after probe failure (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes). - USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes). - USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes). - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes). - USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes). - USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes). - USB: gadget: configfs: Fix KASAN use-after-free (git-fixes). - USB: gadget: f_uac1: stop playback on function disable (git-fixes). - USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes). - USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes). - USB: gadget: u_ether: Fix a configfs return code (git-fixes). - USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes). - USBip: fix stub_dev to check for stream socket (git-fixes). - USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes). - USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes). - USBip: fix vhci_hcd to check for stream socket (git-fixes). - USBip: fix vudc to check for stream socket (git-fixes). - USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes). - USBip: tools: fix build error for multiple definition (git-fixes). - USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). - USB: musb: Fix suspend with devices connected for a64 (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes). - USB: replace hardcode maximum usb string length by definition (git-fixes). - USB: serial: ch341: add new Product ID (git-fixes). - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes). - USB: serial: cp210x: add some more GE USB IDs (git-fixes). - USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes). - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes). - USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes). - USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). - USB: usblp: fix a hang in poll() if disconnected (git-fixes). - USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes). - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes). - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes). - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489) - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes). - VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes). - vt/consolemap: do font sum unsigned (git-fixes). - watchdog: mei_wdt: request stop on unregister (git-fixes). - wireguard: device: do not generate ICMP for non-IP packets (git-fixes). - wireguard: kconfig: use arm chacha even with no neon (git-fixes). - wireguard: selftests: test multiple parallel streams (git-fixes). - wlcore: Fix command execute failure 19 for wl12xx (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). - x86/ioapic: Ignore IRQ2 again (bsc#1152489). - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). - xen/events: avoid handling the same event on two cpus at the same time (git-fixes). - xen/events: do not unmask an event channel when an eoi is pending (git-fixes). - xen/events: fix setting irq affinity (bsc#1184583). - xen/events: reset affinity of 2-level event when tearing it down (git-fixes). - xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980). - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes). - xhci: Improve detection of device initiated wake signal (git-fixes). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1047233 SUSE bug 1065729 SUSE bug 1113295 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1156256 SUSE bug 1156395 SUSE bug 1159280 SUSE bug 1160634 SUSE bug 1167773 SUSE bug 1168777 SUSE bug 1169514 SUSE bug 1169709 SUSE bug 1171295 SUSE bug 1173485 SUSE bug 1177326 SUSE bug 1178163 SUSE bug 1178181 SUSE bug 1178330 SUSE bug 1179454 SUSE bug 1180197 SUSE bug 1180980 SUSE bug 1181383 SUSE bug 1181507 SUSE bug 1181674 SUSE bug 1181862 SUSE bug 1182011 SUSE bug 1182077 SUSE bug 1182485 SUSE bug 1182552 SUSE bug 1182574 SUSE bug 1182591 SUSE bug 1182595 SUSE bug 1182712 SUSE bug 1182713 SUSE bug 1182715 SUSE bug 1182716 SUSE bug 1182717 SUSE bug 1182770 SUSE bug 1182989 SUSE bug 1183015 SUSE bug 1183018 SUSE bug 1183022 SUSE bug 1183023 SUSE bug 1183048 SUSE bug 1183252 SUSE bug 1183277 SUSE bug 1183278 SUSE bug 1183279 SUSE bug 1183280 SUSE bug 1183281 SUSE bug 1183282 SUSE bug 1183283 SUSE bug 1183284 SUSE bug 1183285 SUSE bug 1183286 SUSE bug 1183287 SUSE bug 1183288 SUSE bug 1183366 SUSE bug 1183369 SUSE bug 1183386 SUSE bug 1183405 SUSE bug 1183412 SUSE bug 1183416 SUSE bug 1183427 SUSE bug 1183428 SUSE bug 1183445 SUSE bug 1183447 SUSE bug 1183501 SUSE bug 1183509 SUSE bug 1183530 SUSE bug 1183534 SUSE bug 1183540 SUSE bug 1183593 SUSE bug 1183596 SUSE bug 1183598 SUSE bug 1183637 SUSE bug 1183646 SUSE bug 1183662 SUSE bug 1183686 SUSE bug 1183692 SUSE bug 1183696 SUSE bug 1183750 SUSE bug 1183757 SUSE bug 1183775 SUSE bug 1183843 SUSE bug 1183859 SUSE bug 1183871 SUSE bug 1184074 SUSE bug 1184120 SUSE bug 1184167 SUSE bug 1184168 SUSE bug 1184170 SUSE bug 1184176 SUSE bug 1184192 SUSE bug 1184193 SUSE bug 1184194 SUSE bug 1184196 SUSE bug 1184198 SUSE bug 1184211 SUSE bug 1184217 SUSE bug 1184218 SUSE bug 1184219 SUSE bug 1184220 SUSE bug 1184224 SUSE bug 1184388 SUSE bug 1184391 SUSE bug 1184393 SUSE bug 1184509 SUSE bug 1184511 SUSE bug 1184512 SUSE bug 1184514 SUSE bug 1184583 SUSE bug 1184647 CVE-2019-18814 CVE-2019-19769 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for djvulibre fixes the following issues: - CVE-2021-32490 [bsc#1185895]: Out of bounds write in function DJVU:filter_bv() via crafted djvu file - CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file - CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1185895 SUSE bug 1185900 SUSE bug 1185904 SUSE bug 1185905 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1185438 CVE-2021-3520 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: (This is a rerelease with aarch64 enabled.) Chromium 90.0.4430.212 (boo#1185908) * CVE-2021-30506: Incorrect security UI in Web App Installs * CVE-2021-30507: Inappropriate implementation in Offline * CVE-2021-30508: Heap buffer overflow in Media Feeds * CVE-2021-30509: Out of bounds write in Tab Strip * CVE-2021-30510: Race in Aura * CVE-2021-30511: Out of bounds read in Tab Group * CVE-2021-30512: Use after free in Notifications * CVE-2021-30513: Type Confusion in V8 * CVE-2021-30514: Use after free in Autofill * CVE-2021-30515: Use after free in File API * CVE-2021-30516: Heap buffer overflow in History * CVE-2021-30517: Type Confusion in V8 * CVE-2021-30518: Heap buffer overflow in Reader Mode * CVE-2021-30519: Use after free in Payments * CVE-2021-30520: Use after free in Tab Strip - FTP support disabled at runtime by default since release 88. Chromium 91 will remove support for ftp altogether (boo#1185496) Important SUSE bug 1185496 SUSE bug 1185716 SUSE bug 1185908 CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for fribidi fixes the following issues: Security issues fixed: - CVE-2019-18397: Avoid buffer overflow. (bsc#1156260) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1156260 CVE-2019-18397 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 SUSE bug 1185698 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for Botan fixes the following issues: - CVE-2021-24115 In Botan before 2.17.3, or this backport, constant-time computations are not used for certain decoding and encoding operations (boo#1182670) Important SUSE bug 1182670 CVE-2021-24115 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-httplib2 contains the following fixes: Security fixes included in this update: - CVE-2021-21240: Fixed a regular expression denial of service via malicious header (bsc#1182053). - CVE-2020-11078: Fixed an issue where an attacker could change request headers and body (bsc#1171998). Non security fixes included in this update: - Update in SLE to 0.19.0 (bsc#1182053, CVE-2021-21240) - update to 0.19.0: * auth: parse headers using pyparsing instead of regexp * auth: WSSE token needs to be string not bytes - update to 0.18.1: (bsc#1171998, CVE-2020-11078) * explicit build-backend workaround for pip build isolation bug * IMPORTANT security vulnerability CWE-93 CRLF injection Force %xx quote of space, CR, LF characters in uri. * Ship test suite in source dist - Update to 0.17.1 * python3: no_proxy was not checked with https * feature: Http().redirect_codes set, works after follow(_all)_redirects check This allows one line workaround for old gcloud library that uses 308 response without redirect semantics. * IMPORTANT cache invalidation change, fix 307 keep method, add 308 Redirects * proxy: username/password as str compatible with pysocks * python2: regression in connect() error handling * add support for password protected certificate files * feature: Http.close() to clean persistent connections and sensitive data - Update to 0.14.0: * Python3: PROXY_TYPE_SOCKS5 with str user/pass raised TypeError - version update to 0.13.1 0.13.1 * Python3: Use no_proxy https://github.com/httplib2/httplib2/pull/140 0.13.0 * Allow setting TLS max/min versions https://github.com/httplib2/httplib2/pull/138 0.12.3 * No changes to library. Distribute py3 wheels. 0.12.1 * Catch socket timeouts and clear dead connection https://github.com/httplib2/httplib2/issues/18 https://github.com/httplib2/httplib2/pull/111 * Officially support Python 3.7 (package metadata) https://github.com/httplib2/httplib2/issues/123 0.12.0 * Drop support for Python 3.3 * ca_certs from environment HTTPLIB2_CA_CERTS or certifi https://github.com/httplib2/httplib2/pull/117 * PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required https://github.com/httplib2/httplib2/pull/115 * Revert http:443->https workaround https://github.com/httplib2/httplib2/issues/112 * eliminate connection pool read race https://github.com/httplib2/httplib2/pull/110 * cache: stronger safename https://github.com/httplib2/httplib2/pull/101 0.11.3 * No changes, just reupload of 0.11.2 after fixing automatic release conditions in Travis. 0.11.2 * proxy: py3 NameError basestring https://github.com/httplib2/httplib2/pull/100 0.11.1 * Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info https://github.com/httplib2/httplib2/pull/97 0.11.0 * Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5 https://github.com/httplib2/httplib2/pull/91 * python3 proxy support https://github.com/httplib2/httplib2/pull/90 * If no_proxy environment value ends with comma then proxy is not used https://github.com/httplib2/httplib2/issues/11 * fix UnicodeDecodeError using socks5 proxy https://github.com/httplib2/httplib2/pull/64 * Respect NO_PROXY env var in proxy_info_from_url https://github.com/httplib2/httplib2/pull/58 * NO_PROXY=bar was matching foobar (suffix without dot delimiter) New behavior matches curl/wget: - no_proxy=foo.bar will only skip proxy for exact hostname match - no_proxy=.wild.card will skip proxy for any.subdomains.wild.card https://github.com/httplib2/httplib2/issues/94 * Bugfix for Content-Encoding: deflate https://stackoverflow.com/a/22311297 - deleted patches - Removing certifi patch: httplib2 started to use certifi and this is already bent to use system certificate bundle by another patch This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1171998 SUSE bug 1182053 CVE-2020-11078 CVE-2021-21240 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libass fixes the following issues: - CVE-2020-24994: Fixed a stack overflow in the parse_tag (bsc#1184153). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1184153 CVE-2020-24994 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-1_8_0-openj9 fixes the following issues: - Update to OpenJDK 8u292 build 10 with OpenJ9 0.26.0 virtual machine. - CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1185055 CVE-2021-2163 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for mpv fixes the following issues: - CVE-2021-30145: Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file (boo#1186230) Important SUSE bug 1186230 CVE-2021-30145 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for grub2 fixes the following issues: - Fixed error with the shim_lock protocol that is not found on aarch64 (bsc#1185580). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1185580 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1185715 CVE-2021-22885 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libu2f-host fixes the following issues: This update ships the u2f-host package (jsc#ECO-3687 bsc#1184648) Version 1.1.10 (released 2019-05-15) - Add new devices to udev rules. - Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140) Version 1.1.9 (released 2019-03-06) - Fix CID copying from the init response, which broke compatibility with some devices. Version 1.1.8 (released 2019-03-05) - Add udev rules - Drop 70-old-u2f.rules and use 70-u2f.rules for everything - Use a random nonce for setting up CID to prevent fingerprinting - CVE-2019-9578: Parse the response to init in a more stable way to prevent leakage of uninitialized stack memory back to the device (bsc#1128140). Version 1.1.7 (released 2019-01-08) - Fix for trusting length from device in device init. - Fix for buffer overflow when receiving data from device. (YSA-2019-01, CVE-2018-20340, bsc#1124781) - Add udev rules for some new devices. - Add udev rule for Feitian ePass FIDO - Add a timeout to the register and authenticate actions. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1124781 SUSE bug 1128140 SUSE bug 1184648 CVE-2018-20340 CVE-2019-9578 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for hivex fixes the following issues: - CVE-2021-3504: hivex: missing bounds check within hivex_open() (bsc#1185013) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1185013 CVE-2021-3504 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libX11 fixes the following issues: - CVE-2021-31535: Fixed missing request length checks in libX11 (bsc#1182506). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1182506 CVE-2021-31535 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1186114 CVE-2021-22898 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libxls fixes the following issues: libxsl was updated to release 1.6.2: * Fix NULL pointer dereferences in the xls2csv tool [boo#1179532] [CVE-2020-27819] Update to release 1.6.1 * Enabled decoding of non-Unicode character sets in older (BIFF5) XLS files. * Improved string conversion performance in newer files. update to 1.5.3: * Allow truncated XLS files * Fix long-standing 'extra column' bug #73 * Support for RSTRING records (rich-text cells in older BIFF5 files) tidyverse/readxl#611 Moderate SUSE bug 1179532 CVE-2020-27819 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for upx fixes the following issues: - CVE-2020-24119: Fixed a heap buffer overflow in p_lx_elf.cpp (boo#1186238) Moderate SUSE bug 1186238 CVE-2020-24119 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for slurm fixes the following issues: - CVE-2021-31215: Fixed a environment mishandling that allowed remote code execution as SlurmUser (bsc#1186024). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1186024 CVE-2021-31215 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues: gstreamer was updated to version 1.16.3 (bsc#1181255): - delay creation of threadpools - bin: Fix `deep-element-removed` log message - buffer: fix meta sequence number fallback on rpi - bufferlist: foreach: always remove as parent if buffer is changed - bus: Make setting/replacing/clearing the sync handler thread-safe - elementfactory: Fix missing features in case a feature moves to another filename - element: When removing a ghost pad also unset its target - meta: intern registered impl string - registry: Use a toolchain-specific registry file on Windows - systemclock: Invalid internal time calculation causes non-increasing clock time on Windows - value: don't write to `const char *` - value: Fix segfault comparing empty GValueArrays - Revert floating enforcing - aggregator: fix iteration direction in skip_buffers - sparsefile: fix possible crash when seeking - baseparse: cache fix - baseparse: fix memory leak when subclass skips whole input buffer - baseparse: Set the private duration before posting a duration-changed message - basetransform: allow not passthrough if generate_output is implemented - identity: Fix a minor leak using meta_str - queue: protect against lost wakeups for iterm_del condition - queue2: Avoid races when posting buffering messages - queue2: Fix missing/dropped buffering messages at startup - identity: Unblock condition variable on FLUSH_START - check: Use `g_thread_yield()` instead of `g_usleep(1)` - tests: use cpu_family for arch checks - gst-launch: Follow up to missing `s/g_print/gst_print/g` - gst-inspect: Add define guard for `g_log_writer_supports_color()` - gst-launch: go back down to `GST_STATE_NULL` in one step. - device-monitor: list hidden providers before listing devices - autotools build fixes for GNU make 4.3 gstreamer-plugins-good was updated to version 1.16.3 (bsc#1181255): - deinterlace: on-the-fly renegotiation - flacenc: Pass audio info from set_format() to query_total_samples() explicitly - flacparse: fix broken reordering of flac metadata - jack: Use jack_free(3) to release ports - jpegdec: check buffer size before dereferencing - pulse: fix discovery of newly added devices - qtdemux fuzzing fixes - qtdemux: Add 'mp3 ' fourcc that VLC seems to produce now - qtdemux: Specify REDIRECT information in error message - rtpbin: fix shutdown crash in rtpbin - rtpsession: rename RTCP thread - rtpvp8pay, rtpvp9pay: fix caps leak in set_caps() - rtpjpegdepay: outputs framed jpeg - rtpjitterbuffer: Properly free internal packets queue in finalize() - rtspsrc: Don't return TRUE for unhandled query - rtspsrc: Avoid stack overflow recursing waiting for response - rtspsrc: Use the correct type for storing the max-rtcp-rtp-time-diff property - rtspsrc: Error out when failling to receive message response - rtspsrc: Fix for segmentation fault when handling set/get_parameter requests - speex: Fix crash on Windows caused by cross-CRT issue - speexdec: Crash when stopping the pipeline - splitmuxsrc: Properly stop the loop if no part reader is present - use gst_element_class_set_metadata when passing dynamic strings - v4l2videodec: Increase internal bitstream pool size - v4l2: fix crash when handling unsupported video format - videocrop: allow properties to be animated by GstController - videomixer: Don't leak peer caps - vp8enc/vp8enc: set 1 for the default value of VP8E_SET_STATIC_THRESHOLD - wavenc: Fix writing of the channel mask with >2 channels gstreamer-plugins-bad was updated to version 1.16.3 (bsc#1181255): - amcvideodec: fix sync meta copying not taking a reference - audiobuffersplit: Perform discont tracking on running time - audiobuffersplit: Specify in the template caps that only interleaved audio is supported - audiobuffersplit: Unset DISCONT flag if not discontinuous - autoconvert: Fix lock-less exchange or free condition - autoconvert: fix compiler warnings with g_atomic on recent GLib versions - avfvideosrc: element requests camera permissions even with capture-screen property is true - codecparsers: h264parser: guard against ref_pic_markings overflow - dtlsconnection: Avoid segmentation fault when no srtp capabilities are negotiated - dtls/connection: fix EOF handling with openssl 1.1.1e - fdkaacdec: add support for mpegversion=2 - hls: Check nettle version to ensure AES128 support - ipcpipeline: Rework compiler checks - interlace: Increment phase_index before checking if we're at the end of the phase - lv2: Make it build with -fno-common - h264parser: Do not allocate too large size of memory for registered user data SEI - ladspa: fix unbounded integer properties - modplug: avoid division by zero - msdkdec: Fix GstMsdkContext leak - msdkenc: fix leaks on windows - musepackdec: Don't fail all queries if no sample rate is known yet - openslessink: Allow openslessink to handle 48kHz streams. - opencv: allow compilation against 4.2.x - proxysink: event_function needs to handle the event when it is disconnecetd from proxysrc - vulkan: Drop use of VK_RESULT_BEGIN_RANGE - wasapi: added missing lock release in case of error in gst_wasapi_xxx_reset - wasapi: Fix possible deadlock while downwards state change - waylandsink: Clear window when pipeline is stopped - webrtc: Support non-trickle ICE candidates in the SDP - webrtc: Unmap all non-binary buffers received via the datachannel - meson: build with neon 0.31 - Drop upstream fixed patch: gstreamer-h264parser-fix-overflow.patch - h264parser: guard against ref_pic_markings overflow (bsc#1181255 CVE-2021-3185) - Disable the kate/libtiger plugin. Kate streams for karaoke are not used anymore, and the source tarball for libtiger is no longer available upstream. (jsc#SLE-13843) gstreamer-plugins-ugly was updated to version 1.16.3 (bsc#1181255): + x264enc: corrected em_data value in CEA-708 CC SEI message gstreamer-plugins-base was updated to version 1.16.3 (bsc#1181255): - audioaggregator: Check all downstream allowed caps structures if they support the upstream rate - audioaggregator: Fix negotiation with downstream if there is no peer yet - audioencoder: fix segment event leak - discoverer: Fix caps handling in `pad-added` signal handler - discoverer: Start discovering next URI from right thread - fft: Update our kiss fft version, fixes thread-safety and concurrency issues and misc other things - gl: numerous memory fixes (use-after-free, leaks, missing NULL-ify) - gl/display/egl: ensure debug category is initialized - gstglwindow_x11: fix resize - pbutils: Add latest H.264 level values - rtpbuffer: fix header extension length validation - video: Fix NV12_64Z32 number of component - video-format: RGB16/15 are not 16 bit per component but only 5.333 and 5 - video: fix top/bottom field flags - videodecoder: don't copy interlace-mode from reference state - appsrc/appsink: Make setting/replacing callbacks thread-safe - compositor: Fix checkerboard filling for BGRx/RGBx and UYVY/YUY2/YVYU - decodebin3: only force streams-selected seqnum after a select-streams - glupload: Fix fallback from direct dmabuf to dmabuf upload method - glvideomixer: perform `_get_highest_precision()` on the GL thread - libvisual: use `gst_element_class_set_metadata()` when passing dynamic strings - oggstream: Workaround for broken PAR in VP8 BOS - subparse: accept WebVTT timestamps without an hour component - playbin: Handle error message with redirection indication - textrender: Fix AYUV output. - typefind: Consider MPEG-PS PSM to be a PES type - uridecodebin3: default to non-0 buffer-size and buffer-duration, otherwise it could potentially cause big memory allocations over time - videoaggregator: Don't configure NULL chroma-site/colorimetry - videorate/videoscale/audioresample: Ensure that the caps returned from... - build: Replace bashisms in configure for Wayland and GLES3 This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1181255 CVE-2021-3185 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium 91.0.4472.77 (boo#1186458): * Support Managed configuration API for Web Applications * WebOTP API: cross-origin iframe support * CSS custom counter styles * Support JSON Modules * Clipboard: read-only files support * Remove webkitBeforeTextInserted & webkitEditableCOntentChanged JS events * Honor media HTML attribute for link icon * Import Assertions * Class static initializer blocks * Ergonomic brand checks for private fields * Expose WebAssembly SIMD * New Feature: WebTransport * ES Modules for service workers ('module' type option) * Suggested file name and location for the File System Access API * adaptivePTime property for RTCRtpEncodingParameters * Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack * Support WebSockets over HTTP/2 * Support 103 Early Hints for Navigation * CVE-2021-30521: Heap buffer overflow in Autofill * CVE-2021-30522: Use after free in WebAudio * CVE-2021-30523: Use after free in WebRTC * CVE-2021-30524: Use after free in TabStrip * CVE-2021-30525: Use after free in TabGroups * CVE-2021-30526: Out of bounds write in TabStrip * CVE-2021-30527: Use after free in WebUI * CVE-2021-30528: Use after free in WebAuthentication * CVE-2021-30529: Use after free in Bookmarks * CVE-2021-30530: Out of bounds memory access in WebAudio * CVE-2021-30531: Insufficient policy enforcement in Content Security Policy * CVE-2021-30532: Insufficient policy enforcement in Content Security Policy * CVE-2021-30533: Insufficient policy enforcement in PopupBlocker * CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox * CVE-2021-30535: Double free in ICU * CVE-2021-21212: Insufficient data validation in networking * CVE-2021-30536: Out of bounds read in V8 * CVE-2021-30537: Insufficient policy enforcement in cookies * CVE-2021-30538: Insufficient policy enforcement in content security policy * CVE-2021-30539: Insufficient policy enforcement in content security policy * CVE-2021-30540: Incorrect security UI in payments * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1186458 CVE-2021-21212 CVE-2021-30521 CVE-2021-30522 CVE-2021-30523 CVE-2021-30524 CVE-2021-30525 CVE-2021-30526 CVE-2021-30527 CVE-2021-30528 CVE-2021-30529 CVE-2021-30530 CVE-2021-30531 CVE-2021-30532 CVE-2021-30533 CVE-2021-30534 CVE-2021-30535 CVE-2021-30536 CVE-2021-30537 CVE-2021-30538 CVE-2021-30539 CVE-2021-30540 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: Update to version 76.0.4017.154 - CHR-8420 Update chromium on desktop-stable-90-4017 to 90.0.4430.212 - DNA-92411 Bookmarks breadcrumbs wrong color when pressed in dark mode - DNA-92587 Sync settings: “Use old password” button doesn’t work - DNA-92672 Make it possible for agent to inject scripts into startpage - DNA-92712 Add SD reload API - DNA-93190 The bookmark can’t be opened in Workspace 5-6 - DNA-93247 Reopen last closed tab shortcut opens random tab on new window - DNA-93294 Binary diff for opera_browser.dll is not created on 32-bit builds - DNA-93313 Add opauto test to cover DNA-93190 - DNA-93368 Fix an error in Polish translation - DNA-93408 [Windows] widevine_cdm_component_installer does not compile on desktop-stable-90-4017 - The update to chromium 90.0.4430.212 fixes following issues: CVE-2021-30506, CVE-2021-30507, CVE-2021-30508, CVE-2021-30509, CVE-2021-30510, CVE-2021-30511, CVE-2021-30512, CVE-2021-30513, CVE-2021-30514, CVE-2021-30515, CVE-2021-30516, CVE-2021-30517, CVE-2021-30518, CVE-2021-30519, CVE-2021-30520 Update to version 76.0.4017.123 - DNA-91951 SkipAds click by default with Adblocker on Youtube - DNA-92293 [Mac] Crash at opera::BrowserWindowImpl::Cleanup() - DNA-92714 [Mac] Worskpace switching lags with lot of tabs - DNA-92847 DCHECK at tab_lifecycle_unit_source.cc:145 - DNA-92860 [Windows] Fix issues when running buildsign script with Python 3 - DNA-92879 Fix issues when running buildsign script with Python 3 - DNA-92938 opera://activity/ page ignores workspaces - DNA-93015 [Player] Panel is too narrow - DNA-93044 Remove unnecessary question mark in Cashback string in Polish - DNA-93070 [Search Tabs] Selecting items with cursor keys skips over content matches - DNA-93122 Use input in builddiff.py - DNA-93175 Fix running repacking Important CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for inn fixes the following issues: - CVE-2021-31998: change user to news before calling innupgrade, which could have allow local privilege escalation. [boo#1182321] Moderate SUSE bug 1182321 CVE-2021-31998 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xstream fixes the following issues: - Upgrade to 1.4.16 - CVE-2021-21351: remote attacker to load and execute arbitrary code (bsc#1184796) - CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources (bsc#1184797) - CVE-2021-21350: arbitrary code execution (bsc#1184380) - CVE-2021-21348: remote attacker could cause denial of service by consuming maximum CPU time (bsc#1184374) - CVE-2021-21347: remote attacker to load and execute arbitrary code from a remote host (bsc#1184378) - CVE-2021-21344: remote attacker could load and execute arbitrary code from a remote host (bsc#1184375) - CVE-2021-21342: server-side forgery (bsc#1184379) - CVE-2021-21341: remote attacker could cause a denial of service by allocating 100% CPU time (bsc#1184377) - CVE-2021-21346: remote attacker could load and execute arbitrary code (bsc#1184373) - CVE-2021-21345: remote attacker with sufficient rights could execute commands (bsc#1184372) - CVE-2021-21343: replace or inject objects, that result in the deletion of files on the local host (bsc#1184376) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1184372 SUSE bug 1184373 SUSE bug 1184374 SUSE bug 1184375 SUSE bug 1184376 SUSE bug 1184377 SUSE bug 1184378 SUSE bug 1184379 SUSE bug 1184380 SUSE bug 1184796 SUSE bug 1184797 CVE-2021-21341 CVE-2021-21342 CVE-2021-21343 CVE-2021-21344 CVE-2021-21345 CVE-2021-21346 CVE-2021-21347 CVE-2021-21348 CVE-2021-21349 CVE-2021-21350 CVE-2021-21351 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ceph fixes the following issues: - Update to 15.2.12-83-g528da226523: - (CVE-2021-3509) fix cookie injection issue (bsc#1186021) - (CVE-2021-3531) RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (bsc#1186020) - (CVE-2021-3524) sanitize \r in s3 CORSConfiguration’s ExposeHeader (bsc#1185619) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1185619 SUSE bug 1186020 SUSE bug 1186021 CVE-2021-3509 CVE-2021-3524 CVE-2021-3531 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for dhcp fixes the following issues: - CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1186382 CVE-2021-25217 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1186126 CVE-2021-23017 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for polkit fixes the following issues: - CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1186497 CVE-2021-3560 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for redis fixes the following issues: redis was updated to 6.0.14: * CVE-2021-32625: An integer overflow bug could be exploited by using the STRALGO LCS command to cause remote remote code execution (boo#1186722) * Fix crash in UNLINK on a stream key with deleted consumer groups * SINTERSTORE: Add missing keyspace del event when none of the sources exist Moderate SUSE bug 1186722 CVE-2021-32625 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861) - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987) The following non-security bugs were fixed: - ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes). - ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes). - ACPI: custom_method: fix a possible memory leak (git-fixes). - ACPI: custom_method: fix potential use-after-free issue (git-fixes). - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes). - ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes). - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes). - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes). - ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes). - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes). - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes). - ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes). - ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes). - ALSA: hdsp: do not disable if not enabled (git-fixes). - ALSA: hdspm: do not disable if not enabled (git-fixes). - ALSA: intel8x0: Do not update period unless prepared (git-fixes). - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes). - ALSA: rme9652: do not disable if not enabled (git-fixes). - ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes). - ALSA: usb-audio: fix control-request direction (git-fixes). - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes). - ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes). - ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes). - ARM64: vdso32: Install vdso32 from vdso_install (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes). - ASoC: cs35l33: fix an error code in probe() (git-fixes). - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes). - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes). - ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes). - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes). - Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes). - Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes). - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes). - Bluetooth: check for zapped sk before connecting (git-fixes). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes). - Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes). - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725). - Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes). - KVM: s390: fix guarded storage control register handling (bsc#1133021). - Move upstreamed media fixes into sorted section - NFC: nci: fix memory leak in nci_allocate_device (git-fixes). - PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes). - PCI: Allow VPD access for QLogic ISP2722 (git-fixes). - PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes). - PCI: Release OF node in pci_scan_device()'s error path (git-fixes). - PCI: endpoint: Fix missing destroy_workqueue() (git-fixes). - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes). - PCI: thunder: Fix compile testing (git-fixes). - PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes). - RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/hns: Delete redundant abnormal interrupt status (git-fixes). - RDMA/hns: Delete redundant condition judgment related to eq (git-fixes). - RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215). - RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes). - Revert 'arm64: vdso: Fix compilation with clang older than 8' (git-fixes). - Revert 'gdrom: fix a memory leak bug' (git-fixes). - Revert 'i3c master: fix missing destroy_workqueue() on error in i3c_master_register' (git-fixes). - Revert 'leds: lp5523: fix a missing check of return value of lp55xx_read' (git-fixes). - Revert 337f13046ff0 ('futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op') (git-fixes). - SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428). - SUNRPC: More fixes for backlog congestion (bsc#1185428). - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes). - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes). - USB: serial: pl2303: add support for PL2303HXN (bsc#1186320). - USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320). - USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes). - USB: trancevibrator: fix control-request direction (git-fixes). - amdgpu: avoid incorrect %hu format string (git-fixes). - arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes). - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes). - arm64: avoid -Woverride-init warning (git-fixes). - arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes). - arm64: kdump: update ppos when reading elfcorehdr (git-fixes). - arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes). - arm64: link with -z norelro for LLD or aarch64-elf (git-fixes). - arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes). - arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes). - arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes). - arm64: vdso32: make vdso32 install conditional (git-fixes). - arm: mm: use __pfn_to_section() to get mem_section (git-fixes). - ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes). - blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes). - blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes). - block/genhd: use atomic_t for disk_event->block (bsc#1185497). - block: Fix three kernel-doc warnings (git-fixes). - block: fix get_max_io_size() (git-fixes). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes). - bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518). - bpf: Fix masking negation logic upon negative dst register (bsc#1155518). - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - cdc-wdm: untangle a circular dependency between callback and softint (git-fixes). - cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes). - cdrom: gdrom: initialize global variable at init time (git-fixes). - ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes). - clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758). - crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes). - crypto: mips/poly1305 - enable for all MIPS processors (git-fixes). - crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes). - crypto: qat - Fix a double free in adf_create_ring (git-fixes). - crypto: qat - do not release uninitialized resources (git-fixes). - crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes). - crypto: qat - fix unmap invalid dma address (git-fixes). - crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes). - crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes). - cxgb4: Fix unintentional sign extension issues (git-fixes). - dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes). - dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes). - docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes). - docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes). - drivers: hv: Fix whitespace errors (bsc#1185725). - drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes). - drm/amd/display: Fix two cursor duplication when using overlay (git-fixes). - drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes). - drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes). - drm/amd/display: fix dml prefetch validation (git-fixes). - drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes). - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes). - drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes). - drm/amdgpu: fix NULL pointer dereference (git-fixes). - drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes). - drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes). - drm/i915: Avoid div-by-zero on gen2 (git-fixes). - drm/meson: fix shutdown crash when component not probed (git-fixes). - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes). - drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes). - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes). - drm/radeon: Avoid power table parsing memory leaks (git-fixes). - drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes). - drm/vkms: fix misuse of WARN_ON (git-fixes). - drm: Added orientation quirk for OneGX1 Pro (git-fixes). - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes). - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes). - extcon: arizona: Fix various races on driver unbind (git-fixes). - fbdev: zero-fill colormap in fbcmap.c (git-fixes). - firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes). - fs/epoll: restore waking from ep_done_scan() (bsc#1183868). - ftrace: Handle commands when closing set_ftrace_filter file (git-fixes). - futex: Change utime parameter to be 'const ... *' (git-fixes). - futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648). - futex: Get rid of the val2 conditional dance (git-fixes). - futex: Make syscall entry points less convoluted (git-fixes). - genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes) - genirq: Disable interrupts for force threaded handlers (git-fixes) - genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641). - gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes). - hrtimer: Update softirq_expires_next correctly after (git-fixes) - hwmon: (occ) Fix poll rate limiting (git-fixes). - i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes). - i2c: bail out early when RDWR parameters are wrong (git-fixes). - i2c: i801: Do not generate an interrupt on bus reset (git-fixes). - i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes). - i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes). - i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes). - i40e: Fix use-after-free in i40e_client_subtask() (git-fixes). - i40e: fix broken XDP support (git-fixes). - i40e: fix the restart auto-negotiation after FEC modified (git-fixes). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes). - ics932s401: fix broken handling of errors when word reading fails (git-fixes). - iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes). - iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes). - iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes). - iio: gyro: fxas21002c: balance runtime power in error path (git-fixes). - iio: gyro: mpu3050: Fix reported temperature value (git-fixes). - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes). - iio: tsl2583: Fix division by a zero lux_val (git-fixes). - intel_th: Consistency and off-by-one fix (git-fixes). - iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482). - ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988). - ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855). - kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale. - leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes). - lpfc: Decouple port_template and vport_template (bsc#185032). - mac80211: clear the beacon's CRC after channel switch (git-fixes). - md-cluster: fix use-after-free issue when removing rdev (bsc#1184082). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - md: do not flush workqueue unconditionally in md_open (bsc#1184081). - md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081). - md: md_open returns -EBUSY when entering racing area (bsc#1184081). - md: split mddev_find (bsc#1184081). - media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes). - media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes). - media: em28xx: fix memory leak (git-fixes). - media: gspca/sq905.c: fix uninitialized variable (git-fixes). - media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes). - media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes). - media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes). - media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes). - media: ite-cir: check for receive overflow (git-fixes). - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes). - media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes). - media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes). - mfd: arizona: Fix rumtime PM imbalance on error (git-fixes). - misc/uss720: fix memory leak in uss720_probe (git-fixes). - mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes). - mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes). - mmc: core: Do a power cycle when the CMD11 fails (git-fixes). - mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes). - mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes). - mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes). - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes). - mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes). - net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes). - net: enetc: fix link error again (git-fixes). - net: hns3: Fix for geneve tx checksum bug (git-fixes). - net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes). - net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes). - net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes). - net: hns3: fix for vxlan gpe tx checksum bug (git-fixes). - net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes). - net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes). - net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes). - net: thunderx: Fix unintentional sign extension issue (git-fixes). - net: usb: fix memory leak in smsc75xx_bind (git-fixes). - netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - nvme-core: add cancel tagset helpers (bsc#1183976). - nvme-fabrics: decode host pathing error for connect (bsc#1179827). - nvme-fc: check sgl supported by target (bsc#1179827). - nvme-fc: clear q_live at beginning of association teardown (bsc#1186479). - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259). - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259). - nvme-fc: short-circuit reconnect retries (bsc#1179827). - nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259). - nvme-pci: Remove tag from process cq (git-fixes). - nvme-pci: Remove two-pass completions (git-fixes). - nvme-pci: Simplify nvme_poll_irqdisable (git-fixes). - nvme-pci: align io queue count with allocted nvme_queue in (git-fixes). - nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes). - nvme-pci: dma read memory barrier for completions (git-fixes). - nvme-pci: fix 'slimmer CQ head update' (git-fixes). - nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes). - nvme-pci: remove last_sq_tail (git-fixes). - nvme-pci: remove volatile cqes (git-fixes). - nvme-pci: slimmer CQ head update (git-fixes). - nvme-pci: use simple suspend when a HMB is enabled (git-fixes). - nvme-tcp: Fix possible race of io_work and direct send (git-fixes). - nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes). - nvme-tcp: add clean action for failed reconnection (bsc#1183976). - nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes). - nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes). - nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519). - nvme-tcp: use cancel tagset helper for tear down (bsc#1183976). - nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378). - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259). - nvme: define constants for identification values (git-fixes). - nvme: do not intialize hwmon for discovery controllers (bsc#1184259). - nvme: do not intialize hwmon for discovery controllers (git-fixes). - nvme: document nvme controller states (git-fixes). - nvme: explicitly update mpath disk capacity on revalidation (git-fixes). - nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378). - nvme: fix controller instance leak (git-fixes). - nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378). - nvme: retrigger ANA log update if group descriptor isn't found (git-fixes) - nvme: simplify error logic in nvme_validate_ns() (bsc#1184259). - nvmet: fix a memory leak (git-fixes). - nvmet: seset ns->file when open fails (bsc#1183873). - nvmet: use new ana_log_size instead the old one (bsc#1184259). - nxp-i2c: restore includes for kABI (bsc#1185589). - nxp-nci: add NXP1002 id (bsc#1185589). - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes). - pinctrl: ingenic: Improve unreachable code generation (git-fixes). - pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes). - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes). - platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes). - platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes). - posix-timers: Preserve return value in clock_adjtime32() (git-fixes) - power: supply: Use IRQF_ONESHOT (git-fixes). - power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes). - power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes). - powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes). - powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes). - qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes). - rtc: pcf2127: handle timestamp interrupts (bsc#1185495). - s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153). - s390/entry: save the caller of psw_idle (bsc#1185677). - s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375). - sched/eas: Do not update misfit status if the task is pinned (git-fixes) - sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes) - sched/fair: Fix unfairness caused by missing load decay (git-fixes) - scripts/git_sort/git_sort.py: add bpf git repo - scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416). - scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851). - scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573). - scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451). - scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451). - scsi: lpfc: Fix 'Unexpected timeout' error in direct attach topology (bsc#1186451). - scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451). - scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451). - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451). - scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451). - scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451). - scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451). - scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451). - scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451). - scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451). - sctp: delay auto_asconf init until binding the first addr (&lt;cover.1620748346.git.mkubecek@suse.cz>). - serial: core: fix suspicious security_locked_down() call (git-fixes). - serial: core: return early on unsupported ioctls (git-fixes). - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes). - serial: stm32: fix incorrect characters on console (git-fixes). - serial: stm32: fix tx_empty condition (git-fixes). - serial: tegra: Fix a mask operation that is always true (git-fixes). - smc: disallow TCP_ULP in smc_setsockopt() (git-fixes). - spi: ath79: always call chipselect function (git-fixes). - spi: ath79: remove spi-master setup and cleanup assignment (git-fixes). - spi: dln2: Fix reference leak to master (git-fixes). - spi: omap-100k: Fix reference leak to master (git-fixes). - spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes). - spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes). - staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes). - staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes). - tcp: fix to update snd_wl1 in bulk receiver fast path (&lt;cover.1620748346.git.mkubecek@suse.cz>). - thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes). - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes). - tracing: Map all PIDs to command lines (git-fixes). - tty: amiserial: fix TIOCSSERIAL permission check (git-fixes). - tty: fix memory leak in vc_deallocate (git-fixes). - tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes). - tty: moxa: fix TIOCSSERIAL permission check (git-fixes). - uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes). - uio_hv_generic: Fix a memory leak in error handling paths (git-fixes). - uio_hv_generic: Fix another memory leak in error handling paths (git-fixes). - uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes). - usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes). - usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes). - usb: dwc2: Fix gadget DMA unmap direction (git-fixes). - usb: dwc3: gadget: Enable suspend events (git-fixes). - usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes). - usb: dwc3: omap: improve extcon initialization (git-fixes). - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes). - usb: fotg210-hcd: Fix an error message (git-fixes). - usb: gadget/function/f_fs string table fix for multiple languages (git-fixes). - usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes). - usb: gadget: f_uac1: validate input parameters (git-fixes). - usb: gadget: f_uac2: validate input parameters (git-fixes). - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes). - usb: gadget: uvc: add bInterval checking for HS mode (git-fixes). - usb: musb: fix PM reference leak in musb_irq_work() (git-fixes). - usb: sl811-hcd: improve misleading indentation (git-fixes). - usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes). - usb: xhci: Fix port minor revision (git-fixes). - usb: xhci: Increase timeout for HC halt (git-fixes). - vgacon: Record video mode changes with VT_RESIZEX (git-fixes). - video: hyperv_fb: Add ratelimit on error message (bsc#1185725). - vrf: fix a comment about loopback device (git-fixes). - watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982). - watchdog/softlockup: report the overall time of softlockups (bsc#1185982). - watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982). - watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982). - whitespace cleanup - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes). - workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911). - workqueue: more destroy_workqueue() fixes (bsc#1185911). - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489). - xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes). - xhci: check control context is valid before dereferencing it (git-fixes). - xhci: fix potential array out of bounds with several interrupters (git-fixes). - xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes). Important SUSE bug 1087082 SUSE bug 1133021 SUSE bug 1152457 SUSE bug 1152489 SUSE bug 1155518 SUSE bug 1156395 SUSE bug 1164648 SUSE bug 1177666 SUSE bug 1178418 SUSE bug 1179519 SUSE bug 1179827 SUSE bug 1179851 SUSE bug 1182378 SUSE bug 1182999 SUSE bug 1183346 SUSE bug 1183976 SUSE bug 1184259 SUSE bug 1185428 SUSE bug 1185495 SUSE bug 1185589 SUSE bug 1185645 SUSE bug 1185703 SUSE bug 1185725 SUSE bug 1185758 SUSE bug 1185861 SUSE bug 1185863 SUSE bug 1185911 SUSE bug 1185938 SUSE bug 1185982 SUSE bug 1186320 SUSE bug 1186416 SUSE bug 1186439 SUSE bug 1186460 SUSE bug 1186484 SUSE bug 1186573 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for umoci fixes the following issues: Update to v0.4.7 (bsc#1184147). - CVE-2021-29136: Fixed overwriting of host files via malicious layer (bsc#1184147). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1184147 CVE-2021-29136 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-py fixes the following issues: - CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1179805 SUSE bug 1184505 CVE-2020-29651 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for csync2 fixes the following issues: - CVE-2019-15522: Fixed an issue where daemon fails to enforce TLS (bsc#1147137) - CVE-2019-15523: Fixed an incorrect TLS handshake error handling (bsc#1147139) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1147137 SUSE bug 1147139 CVE-2019-15522 CVE-2019-15523 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation (bsc#1159488, bsc#1186088) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1159488 SUSE bug 1186088 CVE-2017-18640 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1186643 CVE-2021-31535 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.11.0 ESR (bsc#1186696) * CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message * CVE-2021-29967: Memory safety bugs fixed in Firefox This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1185633 SUSE bug 1186696 CVE-2021-29951 CVE-2021-29964 CVE-2021-29967 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-HyperKitty fixes the following issues: - CVE-2021-33038 [boo#1186575], information disclosure when importing a private mailing list Moderate SUSE bug 1186575 CVE-2021-33038 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for 389-ds fixes the following issues: - CVE-2021-3514: Fixed a sync_repl NULL pointer dereference in sync_create_state_control() (bsc#1185356) 389-ds was updated to version 1.4.3.23~git0.f53d0132b: Bump version to 1.4.3.23: * Issue 4725 - [RFE] DS - Update the password policy to support a Temporary Password Rules (#4727) * Issue 4759 - Fix coverity issue (#4760) * Issue 4656 - Fix cherry pick error around replication enabling * Issue 4701 - RFE - Exclude attributes from retro changelog (#4723) (#4746) * Issue 4742 - UI - should always use LDAPI path when calling CLI * Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732) * Issue 4711 - SIGSEV with sync_repl (#4738) * Issue 4649 - fix testcase importing ContentSyncPlugin * Issue 2736 - Warnings from automatic shebang munging macro * Issue 2736 - https://github.com/389ds/389-ds-base/issues/2736 * Issue 4706 - negative wtime in access log for CMP operations Bump version to 1.4.3.22: * Issue 4671 - UI - Fix browser crashes * lib389 - Add ContentSyncPlugin class * Issue 4656 - lib389 - fix cherry pick error * Issue 4229 - Fix Rust linking * Issue 4658 - monitor - connection start date is incorrect * Issue 2621 - lib389 - backport ds_supports_new_changelog() * Issue 4656 - Make replication CLI backwards compatible with role name change * Issue 4656 - Remove problematic language from UI/CLI/lib389 * Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down * Issue 4663 - CLI - unable to add objectclass/attribute without x-origin Bump version to 1.4.3.21: * Issue 4169 - UI - updates on the tuning page are not reflected in the UI * Issue 4588 - BUG - unable to compile without xcrypt (#4589) * Issue 4513 - Fix replication CI test failures (#4557) * Issue 4646 - CLI/UI - revise DNA plugin management * Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647) * Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652) * Issue 4615 - log message when psearch first exceeds max threads per conn Bump version to 1.4.3.20: * Issue 4324 - Some architectures the cache line size file does not exist * Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1185356 CVE-2021-3514 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for pam_radius fixes the following issues: - CVE-2015-9542: pam_radius: buffer overflow in password field (bsc#1163933) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1163933 CVE-2015-9542 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942). The following non-security bugs were fixed: - ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes). - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes). - ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes). - ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes). - ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - arm: dts: add imx7d pcf2127 fix to blacklist - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes). - ata: libahci_platform: fix IRQ check (git-fixes). - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - blkcg: fix memleak for iolatency (git-fixes). - block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - block: rsxx: select CONFIG_CRC32 (git-fixes). - bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bpf, libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - bpf, samples: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - bsg: free the request before return error code (git-fixes). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - bus: qcom: Put child node before return (git-fixes). - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes). - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes). - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - clk: uniphier: Fix potential infinite loop (git-fixes). - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes). - coresight: etm4x: Fix issues on trcseqevr access (git-fixes). - coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes). - coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes). - cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes). - cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes). - cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes). - cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes). - cpufreq: Kconfig: fix documentation links (git-fixes). - crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes). - crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git-fixes). - dm era: Fix bitset memory leaks (git-fixes). - dm era: only resize metadata in preresume (git-fixes). - dm era: Recover committed writeset after crash (git-fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes). - dm era: Use correct value size in equality function of writeset tree (git-fixes). - dm era: Verify the data block size hasn't changed (git-fixes). - dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes). - dm integrity: fix error reporting in bitmap mode after creation (git-fixes). - dm ioctl: fix error return code in target_message (git-fixes). - dm mpath: fix racey management of PG initialization (git-fixes). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - dm raid: fix discard limits for raid1 (git-fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - dm writecache: fix the maximum number of arguments (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes). - dpaa_eth: Use random MAC address when none is given (bsc#1184811). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes). - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes). - drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes). - drm/msm: Fix a5xx/a6xx timestamps (git-fixes). - drm/omap: fix misleading indentation in pixinc() (git-fixes). - drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes). - drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes). - e1000e: add rtnl_lock() to e1000_reset_task (git-fixes). - e1000e: Fix duplicate include guard (git-fixes). - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes). - enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes). - enetc: Workaround for MDIO register access issue (git-fixes). - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes). - ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730). - ext4: find old entry again if failed to rename whiteout (bsc#1184742). - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - ext4: fix potential htree index checksum corruption (bsc#1184728). - firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes). - fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851). - fotg210-udc: Complete OUT requests on short packets (git-fixes). - fotg210-udc: Do not DMA more than the buffer can take (git-fixes). - fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes). - fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes). - fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes). - fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes). - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741). - fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811). - fsl/fman: tolerate missing MAC address in device tree (bsc#1184811). - gpio: omap: Save and restore sysconfig (git-fixes). - gpio: sysfs: Obey valid_mask (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes). - i2c: cadence: add IRQ check (git-fixes). - i2c: emev2: add IRQ check (git-fixes). - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: jz4780: add IRQ check (git-fixes). - i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: sh7760: fix IRQ error path (git-fixes). - i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i40e: Added Asym_Pause to supported link modes (git-fixes). - i40e: Add zero-initialization of AQ command structures (git-fixes). - i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes). - i40e: Fix add TC filter for IPv6 (git-fixes). - i40e: Fix display statistics for veb_tc (git-fixes). - i40e: Fix endianness conversions (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix kernel oops when i40e driver removes VF's (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - i40e: Fix sparse warning: missing error code 'err' (git-fixes). - i40e: fix the panic when running bpf in xdpdrv mode (git-fixes). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - ice: Cleanup fltr list in case of allocation issues (git-fixes). - ice: Fix for dereference of NULL pointer (git-fixes). - ice: Increase control queue timeout (git-fixes). - ice: prevent ice_open and ice_stop during reset (git-fixes). - igb: check timestamp validity (git-fixes). - igb: Fix duplicate include guard (git-fixes). - igc: Fix Pause Frame Advertising (git-fixes). - igc: Fix Supported Pause Frame Link Setting (git-fixes). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - Input: i8042 - fix Pegatron C15B ID entry (git-fixes). - Input: nspire-keypad - enable interrupts only when opened (git-fixes). - Input: s6sy761 - fix coordinate read bit shift (git-fixes). - interconnect: core: fix error return code of icc_link_destroy() (git-fixes). - iopoll: introduce read_poll_timeout macro (git-fixes). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes). - irqchip: Add support for Layerscape external interrupt lines (bsc#1185233). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233). - isofs: release buffer head before return (bsc#1182613). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes). - jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740). - kABI: cover up change in struct kvm_arch (bsc#1184969). - kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426). - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489). - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269). - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269). - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes). - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes). - liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes). - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041). - mac80211: bail out if cipher schemes are invalid (git-fixes). - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes). - macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes). - media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes). - media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes). - media: mantis: remove orphan mantis_core.c (git-fixes). - media: omap4iss: return error code when omap4iss_get() failed (git-fixes). - media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes). - media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes). - media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes). - media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes). - media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes). - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes). - memory: pl353: fix mask of ECC page_size config register (git-fixes). - mfd: lpc_sch: Partially revert 'Add support for Intel Quark X1000' (git-fixes). - mfd: stm32-timers: Avoid clearing auto reload register (git-fixes). - misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes). - mmc: core: Correct descriptions in mmc_of_parse() (git-fixes). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes). - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes). - mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes). - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes). - mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes). - mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes). - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - Move upstreamed i915 fix into sorted section - mt7601u: fix always true expression (git-fixes). - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes). - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes). - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes). - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes). - mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes). - mtd: require write permissions for locking and badblock ioctls (git-fixes). - mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes). - mtd: spi-nor: Rename 'n25q512a' to 'mt25qu512a (n25q512a)' (bsc#1167260). - mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260). - nbd: fix a block_device refcount leak in nbd_release (git-fixes). - net: atlantic: fix out of range usage of active_vlans array (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes). - net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes). - net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes). - net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes). - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes). - net: hns3: clear VF down state bit before request link status (git-fixes). - net: hns3: fix bug when calculating the TCAM table info (git-fixes). - net: hns3: fix query vlan mask value error for flow director (git-fixes). - net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes). - net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes). - net: ll_temac: Fix race condition causing TX hang (git-fixes). - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes). - net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - net/mlx5: Do not request more than supported EQs (git-fixes). - net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes). - net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes). - net/mlx5e: Fix ethtool indication of connector type (git-fixes). - net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464). - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). - net: phy: marvell: fix m88e1011_set_downshift (git-fixes). - net: phy: marvell: fix m88e1111_set_downshift (git-fixes). - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes). - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes). - net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - nfc: pn533: prevent potential memory corruption (git-fixes). - nfp: flower: ignore duplicate merge hints from FW (git-fixes). - node: fix device cleanups in error handling code (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - nvme-fabrics: reject I/O to offline device (bsc#1181161). - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161). - ocfs2: fix a use after free on error (bsc#1184738). - pata_arasan_cf: fix IRQ check (git-fixes). - pata_ipx4xx_cf: fix IRQ check (git-fixes). - PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426). - PCI/AER: Add RCEC AER error injection support (bsc#1174426). - PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426). - PCI/AER: Specify the type of Port that was reset (bsc#1174426). - PCI/AER: Use 'aer' variable for capability offset (bsc#1174426). - PCI/AER: Write AER Capability only when we control it (bsc#1174426). - PCI: designware-ep: Fix the Header Type check (git-fixes). - PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426). - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426). - PCI/ERR: Avoid negated conditional for clarity (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426). - PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426). - PCI/ERR: Clear AER status only when we control AER (bsc#1174426). - PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426). - PCI/ERR: Clear status of the reporting device (bsc#1174426). - PCI/ERR: Recover from RCEC AER errors (bsc#1174426). - PCI/ERR: Recover from RCiEP AER errors (bsc#1174426). - PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426). - PCI/ERR: Retain status from error notification (bsc#1174426). - PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426). - PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426). - PCI/ERR: Use 'bridge' for clarity in pcie_do_recovery() (bsc#1174426). - PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426). - PCI/portdrv: Report reset for frozen channel (bsc#1174426). - PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes). - PCI: tegra: Move 'dbi' accesses to post common DWC initialization (git-fixes). - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes). - pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes). - pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes). - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes). - PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes). - powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). - powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395). - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637). - powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969). - powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969). - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - powerpc/time: Enable sched clock for irqtime (bsc#1156395). - regmap: set debugfs_name to NULL after it is freed (git-fixes). - regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes). - reintroduce cqhci_suspend for kABI (git-fixes). - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - rpm/constraints.in: bump disk space to 45GB on riscv64 - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - rsi: Use resume_noirq for SDIO (git-fixes). - rsxx: remove extraneous 'const' qualifier (git-fixes). - rtc: ds1307: Fix wday settings for rx8130 (git-fixes). - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454). - rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454). - rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454). - rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454). - rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454). - rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454). - rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454). - rtc: pcf2127: add alarm support (bsc#1185233). - rtc: pcf2127: add pca2129 device id (bsc#1185233). - rtc: pcf2127: add tamper detection support (bsc#1185233). - rtc: pcf2127: add watchdog feature support (bsc#1185233). - rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233). - rtc: pcf2127: cleanup register and bit defines (bsc#1185233). - rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233). - rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233). - rtc: pcf2127: fix alarm handling (bsc#1185233). - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233). - rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233). - rtc: pcf2127: let the core handle rtc range (bsc#1185233). - rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233). - rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233). - rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233). - rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233). - rtc: pcf2127: set regmap max_register (bsc#1185233). - rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233). - rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes). - rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes). - sata_mv: add IRQ checks (git-fixes). - scsi: block: Fix a race in the runtime power management code (git-fixes). - scsi: core: add scsi_host_busy_iter() (bsc#1179851). - scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851). - scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436). - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460). - selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460). - selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460). - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460). - selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460). - selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460). - selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460). - soc: aspeed: fix a ternary sign expansion bug (git-fixes). - soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes). - soc: qcom: mdt_loader: Validate that p_filesz p_memsz (git-fixes). - soundwire: bus: Fix device found flag correctly (git-fixes). - soundwire: stream: fix memory leak in stream config error path (git-fixes). - spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260). - spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260). - spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes). - spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260). - spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260). - spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260). - spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260). - spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260). - spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260). - spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260). - spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260). - spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260). - spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260). - spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Fix code alignment (bsc#1167260). - spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260). - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260). - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: fix native data copy (bsc#1167260). - spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260). - spi: spi-fsl-dspi: Fix typos (bsc#1167260). - spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260). - spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260). - spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260). - spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260). - spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260). - spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260). - spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260 - spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260). - spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260). - spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260). - spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260). - spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260). - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260). - spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260). - spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260). - spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260). - spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260). - spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260). - spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260). - spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260). - spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260). - spi: spi-ti-qspi: Free DMA resources (git-fixes). - staging: fwserial: fix TIOCGSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes). - staging: fwserial: fix TIOCSSERIAL permission check (git-fixes). - staging: rtl8192u: Fix potential infinite loop (git-fixes). - usb: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - usb: CDC-ACM: fix poison/unpoison imbalance (git-fixes). - usb: cdc-acm: fix TIOCGSERIAL implementation (git-fixes). - usb: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes). - usb: dwc2: Fix hibernation between host and device modes (git-fixes). - usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes). - usb: dwc2: Fix session request interrupt handler (git-fixes). - usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes). - usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: Switch to use device_property_count_u32() (git-fixes). - usb: gadget: aspeed: fix dma map failure (git-fixes). - usb: gadget: Fix double free of device descriptor pointers (git-fixes). - usb: gadget: pch_udc: Check for DMA mapping error (git-fixes). - usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes). - usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes). - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes). - usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes). - usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes). - usb: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - usb: Remove dev_err() usage after platform_get_irq() (git-fixes). - usb: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: f81232: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: f81534: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: fix return value for unsupported ioctls (git-fixes). - usb: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: opticon: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - usb: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes). - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes). - usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes). - usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes). - veth: Store queue_mapping independently of XDP prog presence (git-fixes). - vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes). - virt_wifi: Return micros for BSS TSF values (git-fixes). - vxlan: move debug check after netdev unregister (git-fixes). - workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893). - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489). - x86/insn: Add some Intel instructions to the opcode map (bsc#1184760). - x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760). - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489). - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489). - x86/platform/uv: Set section block size for hubless architectures (bsc#1152489). - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1043990 SUSE bug 1055117 SUSE bug 1065729 SUSE bug 1152457 SUSE bug 1152489 SUSE bug 1155518 SUSE bug 1156395 SUSE bug 1167260 SUSE bug 1167574 SUSE bug 1168838 SUSE bug 1174416 SUSE bug 1174426 SUSE bug 1175995 SUSE bug 1178089 SUSE bug 1179243 SUSE bug 1179851 SUSE bug 1180846 SUSE bug 1181161 SUSE bug 1182613 SUSE bug 1183063 SUSE bug 1183203 SUSE bug 1183289 SUSE bug 1184208 SUSE bug 1184209 SUSE bug 1184436 SUSE bug 1184485 SUSE bug 1184514 SUSE bug 1184585 SUSE bug 1184650 SUSE bug 1184724 SUSE bug 1184728 SUSE bug 1184730 SUSE bug 1184731 SUSE bug 1184736 SUSE bug 1184737 SUSE bug 1184738 SUSE bug 1184740 SUSE bug 1184741 SUSE bug 1184742 SUSE bug 1184760 SUSE bug 1184811 SUSE bug 1184893 SUSE bug 1184934 SUSE bug 1184942 SUSE bug 1184957 SUSE bug 1184969 SUSE bug 1184984 SUSE bug 1185041 SUSE bug 1185113 SUSE bug 1185233 SUSE bug 1185244 SUSE bug 1185269 SUSE bug 1185365 SUSE bug 1185454 SUSE bug 1185472 SUSE bug 1185491 SUSE bug 1185549 SUSE bug 1185586 SUSE bug 1185587 CVE-2021-29155 CVE-2021-29650 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for spice fixes the following issues: - CVE-2021-20201: client initiated renegotiation causing denial of service (bsc#1181686) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1181686 CVE-2021-20201 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20210608 release. - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833) See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html - CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html Other fixes: - Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details. - Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. - New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2 | ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3 | ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3 | SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB | SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB | TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile | EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E | JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11 - Updated platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3 | HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx | SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3 | BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 | BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87 | BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53 | APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5 | DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series | GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx | GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology | AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile | CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10 | CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile | CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1179833 SUSE bug 1179836 SUSE bug 1179837 SUSE bug 1179839 CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1186253 CVE-2021-3500 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594) * Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476). * CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) * CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730). * btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081) runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962). * Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821). * Fixed /dev/null is not available (bsc#1168481). * CVE-2021-30465: Fixed a symlink-exchange attack vulnarability (bsc#1185405). containerd was updated to v1.4.4 * CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397). * Handle a requirement from docker (bsc#1181594). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1168481 SUSE bug 1175081 SUSE bug 1175821 SUSE bug 1181594 SUSE bug 1181641 SUSE bug 1181677 SUSE bug 1181730 SUSE bug 1181732 SUSE bug 1181749 SUSE bug 1182451 SUSE bug 1182476 SUSE bug 1182947 SUSE bug 1183024 SUSE bug 1183855 SUSE bug 1184768 SUSE bug 1184962 SUSE bug 1185405 CVE-2021-21284 CVE-2021-21285 CVE-2021-21334 CVE-2021-30465 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for squid fixes the following issues: - update to 4.15: - CVE-2021-28652: Broken cache manager URL parsing (bsc#1185918) - CVE-2021-28651: Memory leak in RFC 2169 response parsing (bsc#1185921) - CVE-2021-28662: Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs (bsc#1185919) - CVE-2021-31806: Handle more Range requests (bsc#1185916) - CVE-2020-25097: HTTP Request Smuggling vulnerability (bsc#1183436) - Handle more partial responses (bsc#1185923) - fix previous change to reinstante permissions macros, because the wrong path has been used (bsc#1171569). - use libexecdir instead of libdir to conform to recent changes in Factory (bsc#1171164). - Reinstate permissions macros for pinger binary, because the permissions package is also responsible for setting up the cap_net_raw capability, currently a fresh squid install doesn't get a capability bit at all (bsc#1171569). - Change pinger and basic_pam_auth helper to use standard permissions. pinger uses cap_net_raw=ep instead (bsc#1171569) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1171164 SUSE bug 1171569 SUSE bug 1183436 SUSE bug 1185916 SUSE bug 1185918 SUSE bug 1185919 SUSE bug 1185921 SUSE bug 1185923 CVE-2020-25097 CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium 91.0.4472.101 (boo#1187141) * CVE-2021-30544: Use after free in BFCache * CVE-2021-30545: Use after free in Extensions * CVE-2021-30546: Use after free in Autofill * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-30548: Use after free in Loader * CVE-2021-30549: Use after free in Spell check * CVE-2021-30550: Use after free in Accessibility * CVE-2021-30551: Type Confusion in V8 * CVE-2021-30552: Use after free in Extensions * CVE-2021-30553: Use after free in Network service * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1187141 CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547 CVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551 CVE-2021-30552 CVE-2021-30553 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for htmldoc fixes the following issues: htmldoc was updated to version 1.9.12: * Fixed buffer-overflow CVE-2021-20308 ( boo#1184424 ) * Fixed a crash bug with 'data:' URIs and EPUB output * Fixed several other crash bugs * Fixed JPEG error handling * Fixed some minor issues * Removed the bundled libjpeg, libpng, and zlib. update to 1.9.11: - Added high-resolution desktop icons for Linux. - Updated the internal HTTP library to fix truncation of redirection URLs - Fixed a regression in the handling of character entities for UTF-8 input - The `--numbered` option did not work when the table-of-contents was disabled - Updated local zlib to v1.2.11. - Updated local libpng to v1.6.37. - Fixed packaging issues on macOS and Windows - Now ignore sRGB profile errors in PNG files - The GUI would crash when saving - Page comments are now allowed in `pre` text update to 1.9.9: - Added support for a `HTMLDOC.filename` META keyword that controls the filename reported in CGI mode; the default remains 'htmldoc.pdf' (Issue #367) - Fixed a paragraph formatting issue with large inline images (Issue #369) - Fixed a buffer underflow issue (Issue #370) - Fixed PDF page numbers (Issue #371) - Added support for a new `L` header/footer format (`$LETTERHEAD`), which inserts a letterhead image at its full size (Issue #372, Issue #373, Issue #375) - Updated the build documentation (Issue #374) - Refactored the PRE rendering code to work around compiler optimization bugs - Added support for links with targets (Issue #351) - Fixed a table rowspan + valign bug (Issue #360) - Added support for data URIs (Issue #340) - HTMLDOC no longer includes a PDF table of contents when converting a single web page (Issue #344) - Updated the markdown support with external links, additional inline markup, and hard line breaks. - Links in markdown text no longer render with a leading space as part of the link (Issue #346) - Fixed a buffer underflow bug discovered by AddressSanitizer. - Fixed a bug in UTF-8 support (Issue #348) - PDF output now includes the base language of the input document(s) - Optimized the loading of font widths (Issue #354) - Optimized PDF page resources (Issue #356) - Optimized the base memory used for font widths (Issue #357) - Added proper `&shy;` support (Issue #361) - Title files can now be markdown. - The GUI did not support EPUB output. - Empty markdown table cells were not rendered in PDF or PostScript output. - The automatically-generated title page now supports both 'docnumber' and 'version' metadata. - Added support for dc:subject and dc:language metadata in EPUB output from the HTML keywords and lang values. - Added support for the subject and language metadata in markdown input. - Fixed a buffer underflow bug (Issue #338) - `htmldoc --help` now reports whether HTTPS URLs are supported (Issue #339) - Fixed an issue with HTML title pages and EPUB output. - Inline fixed-width text is no longer reduced in size automatically - Optimized initialization of font width data (Issue #334) - Fixed formatting bugs with aligned images (Issue #322, Issue #324) - Fixed support for three digit '#RGB' color values (Issue #323) - Fixed character set support for markdown metadata. - Updated libpng to v1.6.34 (Issue #326) - The makefiles did not use the CPPFLAGS value (Issue #328) - Added Markdown table support. - Fixed parsing of TBODY, TFOOT, and THEAD elements in HTML files. Important SUSE bug 1184424 CVE-2021-20308 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libopenmpt fixes the following issues: Various bugfix and stability issues were fixed, some of those might have security impact. libopenmpt was updated to 0.3.28: * Fixed excessive memory consumption with malformed files in various formats. Changes in 0.3.27: * AMS: Avoid allocating excessive amount of memory for compressed song message in malformed files. * S3M: Some samples were imported with a too high sample rate if module was saved with Scream Tracker 3. Changes in 0.3.26: * DMF: Improve import of finetune effect with parameters larger than +/-15. Changes in 0.3.25: * AMS: An upper bound for uncompressed sample size is now established to avoid memory exhaustion from malformed files. * MO3: Avoid certain ModPlug hacks from being fixed up twice, which could lead to e.g. very narrow pan swing range for old OpenMPT IT files saved with a recent MO3 encoder version. * IMF: Instrument sample mapping was off by one octave, notable in the guitar part of Astaris by Karsten Koch. * PLM: Percentage offset (Mxx) was slightly off. Changes in 0.3.24: * PP20: The first few bytes of some files were not decompressed properly, making some files unplayable (depending on the original format). Changes in 0.3.23: * IT: Global volume slides with both nibbles set preferred the “slide up” nibble over the “slide down” nibble in old OpenMPT versions, unlike other slides. Such old files are now imported correctly again. * IT: Fixed an edge case where, if the filter hit full cutoff / no resonance on the first tick of a row where a new delayed note would be triggered, the filter would be disabled even though it should stay active. Fixes trace.it by maddie. * XM: Out-of-range arpeggio clamping behaviour broke in OpenMPT 1.23.05.00. The arpeggios in Binary World by Dakota now play correctly again. * S3M: Support old-style sample pre-amp value in very early S3M files. * S3M: Only force-enable fast slides for files ST 3.00. Previously, any S3M file made with an ST3 version older than 3.20 enabled them. * M15: Improve tracker detection heuristics to never assume SoundTracker 2.0 if there is a huge number of Dxx commands, as that is a definite hint that they should be treated as volume slides. Fixes Monty On The Run by Master Blaster. Changes in 0.3.22: * IT: Disable retrigger with short notes quirk for modules saved with Chibi Tracker, as it does not implement that quirk. * MOD: Fix early song ending due to ProTracker pattern jump quirk (EEx + Dxx on same row) if infinite looping is disabled. Fixes Haunted Tracks.mod by Triace. * MOD: Vibrato type “ramp down” was upside down. Changes in 0.3.21: * IT: Vibrato was too fast in Old Effects mode since libopenmpt 0.3. * XM: Treat 8bitbubsy’s FT2 clone exactly like Fasttracker 2 with respect to compatibility and playback flags. For example, FT2 Pan Law was not applied. * DMF: Some files had a wrong tempo since libopenmpt 0.2.5705-beta15. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1186663 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1186015 CVE-2021-3541 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for open-iscsi fixes the following issues: - Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908, including: * uip: check for TCP urgent pointer past end of frame * uip: check for u8 overflow when processing TCP options * uip: check for header length underflow during checksum calculation * fwparam_ppc: Fix memory leak in fwparam_ppc.c * iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c * fwparam_ppc: Fix illegal memory access in fwparam_ppc.c * sysfs: Verify parameter of sysfs_device_get() * fwparam_ppc: Fix NULL pointer dereference in find_devtree() * open-iscsi: Clean user_param list when process exit * iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev() * open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req() * open-iscsi: Fix invalid pointer deference in find_initiator() * iscsiuio: Fix invalid parameter when call fstat() * iscsi-iname: Verify open() return value before calling read() * iscsi_sysfs: Fix NULL pointer deference in iscsi_sysfs_read_iface - Updatged to latest upstream, including: * iscsiadm: Optimize the the verification of mode paramters * iscsid: Poll timeout value to 1 minute for iscsid * iscsiadm: fix host stats mode coredump * iscsid: fix logging level when starting and shutting down daemon * Updated iscsiadm man page. * Fix memory leak in sysfs_get_str * libopeniscsiusr: Compare with max int instead of max long - Systemd unit files should not depend on network.target (bsc#1179440). - Updated to latest upstream, including async login ability: * Implement login 'no_wait' for iscsiadm NODE mode * iscsiadm buffer overflow regression when discovering many targets at once * iscsid: Check Invalid Session id for stop connection * Add ability to attempt target logins asynchronously - %service_del_postun_without_restart is now available on SLE More accurately it's been introduced in SLE12-SP2+ and SLE15+ This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1179440 SUSE bug 1179908 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libjpeg-turbo fixes the following issues: - CVE-2020-17541: Fixed a stack-based buffer overflow in the 'transform' component (bsc#1186764). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1186764 CVE-2020-17541 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for postgresql10 fixes the following issues: - Upgrade to version 10.17: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1183168 SUSE bug 1185924 SUSE bug 1185925 CVE-2021-32027 CVE-2021-32028 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for chromium fixes the following issues: Chromium 91.0.4472.114 (boo#1187481) * CVE-2021-30554: Use after free in WebGL * CVE-2021-30555: Use after free in Sharing * CVE-2021-30556: Use after free in WebAudio * CVE-2021-30557: Use after free in TabGroups Chromium 91.0.4472.106 * Fix use-after-free in SendTabToSelfSubMenuModel * Destroy system-token NSSCertDatabase on the IO thread Important SUSE bug 1187481 CVE-2021-30554 CVE-2021-30555 CVE-2021-30556 CVE-2021-30557 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for salt fixes the following issues: Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#SLE-18028) - Check if dpkgnotify is executable (bsc#1186674) - Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028) - virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devices passthrough support - Set distro requirement to oldest supported version in requirements/base.txt - Bring missing part of async batch implementation back (CVE-2021-25315, bsc#1182382) - Always require `python3-distro` (bsc#1182293) - Remove deprecated warning that breaks minion execution when 'server_id_use_crc' opts is missing - Fix pkg states when DEB package has 'all' arch - Do not force beacons configuration to be a list. - Remove msgpack < 1.0.0 from base requirements (bsc#1176293) - msgpack support for version >= 1.0.0 (bsc#1171257) - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module (bsc#1185281, CVE-2021-31607) - transactional_update: detect recursion in the executor - Add subpackage salt-transactional-update (jsc#SLE-18033) - Improvements on 'ansiblegate' module (bsc#1185092): * New methods: ansible.targets / ansible.discover_playbooks - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Regression fix of salt-ssh on processing targets - Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281) - Add notify beacon for Debian/Ubuntu systems - Fix zmq bug that causes salt-call to freeze (bsc#1181368) This update was imported from the SUSE:SLE-15-SP2:Update update project. Critical SUSE bug 1171257 SUSE bug 1176293 SUSE bug 1179831 SUSE bug 1181368 SUSE bug 1182281 SUSE bug 1182293 SUSE bug 1182382 SUSE bug 1185092 SUSE bug 1185281 SUSE bug 1186674 CVE-2018-15750 CVE-2018-15751 CVE-2020-11651 CVE-2020-11652 CVE-2020-25592 CVE-2021-25315 CVE-2021-31607 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xterm fixes the following issues: - CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1182091 CVE-2021-27135 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for python-rsa fixes the following issues: - CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext (bsc#1172389) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172389 CVE-2020-13757 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.15 fixes the following issues: - Updated go to upstream version 1.15.12 (released 2021-05-06) (bsc#1175132). - CVE-2021-31525: Fixed stack overflow via net/http ReadRequest (bsc#1185790). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175132 SUSE bug 1185790 CVE-2021-31525 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1187060 CVE-2021-3580 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for cryptctl fixes the following issues: Update to version 2.4: - CVE-2019-18906: Client side password hashing was equivalent to clear text password storage (bsc#1186226) - First step to use plain text password instead of hashed password. - Move repository into the SUSE github organization - in RPC server, if client comes from localhost, remember its ipv4 localhost address instead of ipv6 address - tell a record to clear expired pending commands upon saving a command result; introduce pending commands RPC test case - avoid hard coding 127.0.0.1 in host ID of alive message test; let system administrator mount and unmount disks by issuing these two commands on key server. Important SUSE bug 1186226 CVE-2019-18906 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest - fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser - fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session Important SUSE bug 1186922 SUSE bug 1186923 SUSE bug 1186924 SUSE bug 1187017 SUSE bug 1187040 SUSE bug 1187174 CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for wireshark, libvirt, sbc and libqt5-qtmultimedia fixes the following issues: Update wireshark to version 3.4.5 - New and updated support and bug fixes for multiple protocols - Asynchronous DNS resolution is always enabled - Protobuf fields can be dissected as Wireshark (header) fields - UI improvements Including security fixes for: - CVE-2021-22191: Wireshark could open unsafe URLs (bsc#1183353). - CVE-2021-22207: MS-WSP dissector excessive memory consumption (bsc#1185128) - CVE-2020-26422: QUIC dissector crash (bsc#1180232) - CVE-2020-26418: Kafka dissector memory leak (bsc#1179930) - CVE-2020-26419: Multiple dissector memory leaks (bsc#1179931) - CVE-2020-26420: RTPS dissector memory leak (bsc#1179932) - CVE-2020-26421: USB HID dissector crash (bsc#1179933) - CVE-2021-22173: Fix USB HID dissector memory leak (bsc#1181598) - CVE-2021-22174: Fix USB HID dissector crash (bsc#1181599) libqt5-qtmultimedia and sbc are necessary dependencies. libvirt is needed to rebuild wireshark-plugin-libvirt. Important SUSE bug 1179930 SUSE bug 1179931 SUSE bug 1179932 SUSE bug 1179933 SUSE bug 1180102 SUSE bug 1180232 SUSE bug 1181598 SUSE bug 1181599 SUSE bug 1183353 SUSE bug 1184110 SUSE bug 1185128 CVE-2020-26418 CVE-2020-26419 CVE-2020-26420 CVE-2020-26421 CVE-2020-26422 CVE-2021-22173 CVE-2021-22174 CVE-2021-22191 CVE-2021-22207 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for vlc fixes the following issues: Update to 3.0.11.1: - CVE-2020-13428: Fixed heap-based buffer overflow in the hxxx_AnnexB_to_xVC () (boo#1172727) - CVE-2020-26664: Fixed heap-based buffer overflow in EbmlTypeDispatcher:send () (boo#1180755) Important SUSE bug 1133290 SUSE bug 1172727 SUSE bug 1180755 CVE-2020-13428 CVE-2020-26664 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.11 (bsc#1186696) Security issues fixed: - CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message - CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11 General improvements: - OpenPGP could not be disabled for an account if a key was previously configured - Recipients were unable to decrypt some messages when the sender had changed the message encryption from OpenPGP to S/MIME - Contacts moved between CardDAV address books were not synced to the new server - CardDAV compatibility fixes for Google Contacts - Folder pane had no clear indication of focus on macOS This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1186696 CVE-2021-29964 CVE-2021-29967 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for xstream fixes the following issues: Upgrade to 1.4.17 - CVE-2021-29505: Fixed potential code execution when unmarshalling with XStream instances using an uninitialized security framework (bsc#1186651) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1186651 CVE-2021-29505 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for live555 fixes the following issues: Update to 2021.05.22: - Lots of fixes and updates, including the security fix for CVE-2021-28899 (boo#1185874) and CVE-2019-15232 (boo#1146283). See the list in http://live555.com/liveMedia/public/changelog.txt Moderate SUSE bug 1146283 SUSE bug 1185874 CVE-2019-15232 CVE-2021-28899 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for gupnp fixes the following issues: - CVE-2021-33516: Fixed a DNS rebinding, which could trick the browser into triggering actions against local UPnP services (bsc#1186590). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1186590 CVE-2021-33516 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for ovmf fixes the following issues: - Fixed a possible buffer overflow in IScsiDxe (bsc#1186151) This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1186151 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1187212 CVE-2021-33560 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for dovecot23 fixes the following issues: - CVE-2021-29157: Local attacker can login as any user and access their emails (bsc#1187418) - CVE-2021-33515: Attacker can potentially steal user credentials and mails (bsc#1187419) Important SUSE bug 1187418 SUSE bug 1187419 CVE-2021-29157 CVE-2021-33515 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for openexr fixes the following issues: - Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function - Fixed CVE-2021-3598 [bsc#1187310]: Heap buffer overflow in Imf_3_1:CharPtrIO:readChars This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1187310 SUSE bug 1187395 CVE-2021-3598 CVE-2021-3605 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tor fixes the following issues: tor 0.4.5.9 * Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell (CVE-2021-34548, boo#1187322) * Detect more failure conditions from the OpenSSL RNG code (boo#1187323) * Resist a hashtable-based CPU denial-of-service attack against relays (CVE-2021-34549, boo#1187324) * Fix an out-of-bounds memory access in v3 onion service descriptor parsing (CVE-2021-34550, boo#1187325) tor 0.4.5.8 * https://lists.torproject.org/pipermail/tor-announce/2021-May/000219.html * allow Linux sandbox with Glibc 2.33 * work with autoconf 2.70+ * several other minor features and bugfixes (see announcement) - Fix logging issue due to systemd picking up stdout - boo#1181244 Continue to log notices to syslog by default. Important SUSE bug 1179331 SUSE bug 1181244 SUSE bug 1187322 SUSE bug 1187323 SUSE bug 1187324 SUSE bug 1187325 CVE-2021-34548 CVE-2021-34549 CVE-2021-34550 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 * changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and default_label properties (bmo#1583478) * fixed: Running a quicksearch that returned no results did not offer to re-run as a global search (bmo#1663153) * fixed: Message search toolbar fixes (bmo#1681010) * fixed: Very long subject lines distorted the message compose and display windows, making them unusable (bmo#77806) * fixed: Compose window: Recipient addresses that had not yet been autocompleted were lost when clicking Send button (bmo#1674054) * fixed: Compose window: New message is no longer marked as 'changed' just from tabbing out of the recipient field without editing anything (bmo#1681389) * fixed: Account autodiscover fixes when using MS Exchange servers (bmo#1679759) * fixed: LDAP address book stability fix (bmo#1680914) * fixed: Messages with invalid vcard attachments were not marked as read when viewed in the preview window (bmo#1680468) * fixed: Chat: Could not add TLS certificate exceptions for XMPP connections (bmo#1590471) * fixed: Calendar: System timezone was not always properly detected (bmo#1678839) * fixed: Calendar: Descriptions were sometimes blank when editing a single occurrence of a repeating event (bmo#1664731) * fixed: Various printing bugfixes (bmo#1676166) * fixed: Visual consistency and theme improvements (bmo#1682808) MFSA 2021-02 (bsc#1180623) * CVE-2020-16044 (bmo#1683964) Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for freeradius-server fixes the following issues: - Fixed plaintext password entries in logfiles (bsc#1184016). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1184016 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for roundcubemail fixes the following issues: Upgrade to version 1.3.16 This is a security update to the LTS version 1.3. It fixes a recently reported stored cross-site scripting (XSS) vulnerability via HTML or plain text messages with malicious content. References: - CVE-2020-18670: Cross Site Scripting (XSS) vulneraibility via database host and user in /installer/test.php (boo#1187707) - CVE-2020-18671: Cross Site Scripting (XSS) vulnerability via smtp config in /installer/test.php (boo#1187706) - CVE-2020-35730: cross-site scripting (XSS) vulnerability via HTML or plain text messages with malicious content (boo#1180399) Important SUSE bug 1180399 SUSE bug 1187706 SUSE bug 1187707 CVE-2020-18670 CVE-2020-18671 CVE-2020-35730 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u292 (icedtea 3.19.0). - CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1185055 CVE-2021-2163 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tpm2.0-tools fixes the following issues: - CVE-2021-3565: Fixed issue when no encrypted session with the TPM is used (bsc#1186490). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1186490 CVE-2021-3565 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for bouncycastle fixes the following issues: - CVE-2020-15522: Fixed a timing issue within the EC math library (bsc#1186328). This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1186328 CVE-2020-15522 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1186240 CVE-2021-25321 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861) - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987) The following non-security bugs were fixed: - ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes). - ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes). - ACPI: custom_method: fix a possible memory leak (git-fixes). - ACPI: custom_method: fix potential use-after-free issue (git-fixes). - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes). - ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes). - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes). - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes). - ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes). - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes). - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes). - ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes). - ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes). - ALSA: hdsp: do not disable if not enabled (git-fixes). - ALSA: hdspm: do not disable if not enabled (git-fixes). - ALSA: intel8x0: Do not update period unless prepared (git-fixes). - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes). - ALSA: rme9652: do not disable if not enabled (git-fixes). - ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes). - ALSA: usb-audio: fix control-request direction (git-fixes). - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes). - ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes). - ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes). - ARM64: vdso32: Install vdso32 from vdso_install (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes). - ASoC: cs35l33: fix an error code in probe() (git-fixes). - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes). - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes). - ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes). - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes). - Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes). - Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes). - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes). - Bluetooth: check for zapped sk before connecting (git-fixes). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes). - Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes). - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725). - Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes). - KVM: s390: fix guarded storage control register handling (bsc#1133021). - Move upstreamed media fixes into sorted section - NFC: nci: fix memory leak in nci_allocate_device (git-fixes). - PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes). - PCI: Allow VPD access for QLogic ISP2722 (git-fixes). - PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes). - PCI: Release OF node in pci_scan_device()'s error path (git-fixes). - PCI: endpoint: Fix missing destroy_workqueue() (git-fixes). - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes). - PCI: thunder: Fix compile testing (git-fixes). - PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes). - RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/hns: Delete redundant abnormal interrupt status (git-fixes). - RDMA/hns: Delete redundant condition judgment related to eq (git-fixes). - RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215). - RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes). - SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428). - SUNRPC: More fixes for backlog congestion (bsc#1185428). - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes). - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes). - USB: serial: pl2303: add support for PL2303HXN (bsc#1186320). - USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320). - USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes). - USB: trancevibrator: fix control-request direction (git-fixes). - amdgpu: avoid incorrect %hu format string (git-fixes). - arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes). - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes). - arm64: avoid -Woverride-init warning (git-fixes). - arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes). - arm64: kdump: update ppos when reading elfcorehdr (git-fixes). - arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes). - arm64: link with -z norelro for LLD or aarch64-elf (git-fixes). - arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes). - arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes). - arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes). - arm64: vdso32: make vdso32 install conditional (git-fixes). - arm: mm: use __pfn_to_section() to get mem_section (git-fixes). - ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes). - blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes). - blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes). - block/genhd: use atomic_t for disk_event->block (bsc#1185497). - block: Fix three kernel-doc warnings (git-fixes). - block: fix get_max_io_size() (git-fixes). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes). - bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518). - bpf: Fix masking negation logic upon negative dst register (bsc#1155518). - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - cdc-wdm: untangle a circular dependency between callback and softint (git-fixes). - cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes). - cdrom: gdrom: initialize global variable at init time (git-fixes). - ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes). - clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758). - crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes). - crypto: mips/poly1305 - enable for all MIPS processors (git-fixes). - crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes). - crypto: qat - Fix a double free in adf_create_ring (git-fixes). - crypto: qat - do not release uninitialized resources (git-fixes). - crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes). - crypto: qat - fix unmap invalid dma address (git-fixes). - crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes). - crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes). - cxgb4: Fix unintentional sign extension issues (git-fixes). - dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes). - dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes). - docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes). - docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes). - drivers: hv: Fix whitespace errors (bsc#1185725). - drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes). - drm/amd/display: Fix two cursor duplication when using overlay (git-fixes). - drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes). - drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes). - drm/amd/display: fix dml prefetch validation (git-fixes). - drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes). - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes). - drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes). - drm/amdgpu: fix NULL pointer dereference (git-fixes). - drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes). - drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes). - drm/i915: Avoid div-by-zero on gen2 (git-fixes). - drm/meson: fix shutdown crash when component not probed (git-fixes). - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes). - drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes). - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes). - drm/radeon: Avoid power table parsing memory leaks (git-fixes). - drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes). - drm/vkms: fix misuse of WARN_ON (git-fixes). - drm: Added orientation quirk for OneGX1 Pro (git-fixes). - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes). - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes). - extcon: arizona: Fix various races on driver unbind (git-fixes). - fbdev: zero-fill colormap in fbcmap.c (git-fixes). - firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes). - fs/epoll: restore waking from ep_done_scan() (bsc#1183868). - ftrace: Handle commands when closing set_ftrace_filter file (git-fixes). - futex: Change utime parameter to be 'const ... *' (git-fixes). - futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648). - futex: Get rid of the val2 conditional dance (git-fixes). - futex: Make syscall entry points less convoluted (git-fixes). - genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes) - genirq: Disable interrupts for force threaded handlers (git-fixes) - genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641). - gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes). - hrtimer: Update softirq_expires_next correctly after (git-fixes) - hwmon: (occ) Fix poll rate limiting (git-fixes). - i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes). - i2c: bail out early when RDWR parameters are wrong (git-fixes). - i2c: i801: Do not generate an interrupt on bus reset (git-fixes). - i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes). - i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes). - i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes). - i40e: Fix use-after-free in i40e_client_subtask() (git-fixes). - i40e: fix broken XDP support (git-fixes). - i40e: fix the restart auto-negotiation after FEC modified (git-fixes). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes). - ics932s401: fix broken handling of errors when word reading fails (git-fixes). - iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes). - iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes). - iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes). - iio: gyro: fxas21002c: balance runtime power in error path (git-fixes). - iio: gyro: mpu3050: Fix reported temperature value (git-fixes). - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes). - iio: tsl2583: Fix division by a zero lux_val (git-fixes). - intel_th: Consistency and off-by-one fix (git-fixes). - iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482). - ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988). - ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855). - kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale. - leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes). - locking/seqlock: Tweak DEFINE_SEQLOCK() kernel doc (bsc#1176564 bsc#1162702). - lpfc: Decouple port_template and vport_template (bsc#185032). - mac80211: clear the beacon's CRC after channel switch (git-fixes). - md-cluster: fix use-after-free issue when removing rdev (bsc#1184082). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - md: do not flush workqueue unconditionally in md_open (bsc#1184081). - md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081). - md: md_open returns -EBUSY when entering racing area (bsc#1184081). - md: split mddev_find (bsc#1184081). - media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes). - media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes). - media: em28xx: fix memory leak (git-fixes). - media: gspca/sq905.c: fix uninitialized variable (git-fixes). - media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes). - media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes). - media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes). - media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes). - media: ite-cir: check for receive overflow (git-fixes). - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes). - media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes). - media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes). - mfd: arizona: Fix rumtime PM imbalance on error (git-fixes). - misc/uss720: fix memory leak in uss720_probe (git-fixes). - mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes). - mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606). - mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes). - mmc: core: Do a power cycle when the CMD11 fails (git-fixes). - mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes). - mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes). - mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes). - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes). - mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes). - net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes). - net: enetc: fix link error again (git-fixes). - net: hns3: Fix for geneve tx checksum bug (git-fixes). - net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes). - net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes). - net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes). - net: hns3: fix for vxlan gpe tx checksum bug (git-fixes). - net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes). - net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes). - net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes). - net: thunderx: Fix unintentional sign extension issue (git-fixes). - net: usb: fix memory leak in smsc75xx_bind (git-fixes). - net: xfrm: Localize sequence counter per network namespace (bsc#1185696). - net: xfrm: Use sequence counter with associated spinlock (bsc#1185696). - netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - nvme-core: add cancel tagset helpers (bsc#1183976). - nvme-fabrics: decode host pathing error for connect (bsc#1179827). - nvme-fc: check sgl supported by target (bsc#1179827). - nvme-fc: clear q_live at beginning of association teardown (bsc#1186479). - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259). - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259). - nvme-fc: short-circuit reconnect retries (bsc#1179827). - nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259). - nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999). - nvme-pci: Remove tag from process cq (git-fixes). - nvme-pci: Remove two-pass completions (git-fixes). - nvme-pci: Simplify nvme_poll_irqdisable (git-fixes). - nvme-pci: align io queue count with allocted nvme_queue in (git-fixes). - nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes). - nvme-pci: dma read memory barrier for completions (git-fixes). - nvme-pci: fix 'slimmer CQ head update' (git-fixes). - nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes). - nvme-pci: remove last_sq_tail (git-fixes). - nvme-pci: remove volatile cqes (git-fixes). - nvme-pci: slimmer CQ head update (git-fixes). - nvme-pci: use simple suspend when a HMB is enabled (git-fixes). - nvme-tcp: Fix possible race of io_work and direct send (git-fixes). - nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes). - nvme-tcp: add clean action for failed reconnection (bsc#1183976). - nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes). - nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes). - nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519). - nvme-tcp: use cancel tagset helper for tear down (bsc#1183976). - nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378). - nvme: add 'kato' sysfs attribute (bsc#1179825). - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259). - nvme: define constants for identification values (git-fixes). - nvme: do not intialize hwmon for discovery controllers (bsc#1184259). - nvme: do not intialize hwmon for discovery controllers (git-fixes). - nvme: document nvme controller states (git-fixes). - nvme: explicitly update mpath disk capacity on revalidation (git-fixes). - nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378). - nvme: fix controller instance leak (git-fixes). - nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378). - nvme: retrigger ANA log update if group descriptor isn't found (git-fixes) - nvme: sanitize KATO setting (bsc#1179825). - nvme: simplify error logic in nvme_validate_ns() (bsc#1184259). - nvmet: fix a memory leak (git-fixes). - nvmet: seset ns->file when open fails (bsc#1183873). - nvmet: use new ana_log_size instead the old one (bsc#1184259). - nxp-i2c: restore includes for kABI (bsc#1185589). - nxp-nci: add NXP1002 id (bsc#1185589). - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes). - pinctrl: ingenic: Improve unreachable code generation (git-fixes). - pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes). - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes). - platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes). - platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes). - posix-timers: Preserve return value in clock_adjtime32() (git-fixes) - power: supply: Use IRQF_ONESHOT (git-fixes). - power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes). - power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes). - powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes). - powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes). - qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes). - rtc: pcf2127: handle timestamp interrupts (bsc#1185495). - s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153). - s390/entry: save the caller of psw_idle (bsc#1185677). - s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375). - sched/eas: Do not update misfit status if the task is pinned (git-fixes) - sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes) - sched/fair: Fix unfairness caused by missing load decay (git-fixes) - scripts/git_sort/git_sort.py: add bpf git repo - scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416). - scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851). - scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573). - scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451). - scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451). - scsi: lpfc: Fix 'Unexpected timeout' error in direct attach topology (bsc#1186451). - scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451). - scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451). - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451). - scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451). - scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451). - scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451). - scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451). - scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451). - scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451). - sctp: delay auto_asconf init until binding the first addr - seqlock,lockdep: Fix seqcount_latch_init() (bsc#1176564 bsc#1162702). - serial: core: fix suspicious security_locked_down() call (git-fixes). - serial: core: return early on unsupported ioctls (git-fixes). - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes). - serial: stm32: fix incorrect characters on console (git-fixes). - serial: stm32: fix tx_empty condition (git-fixes). - serial: tegra: Fix a mask operation that is always true (git-fixes). - smc: disallow TCP_ULP in smc_setsockopt() (git-fixes). - spi: ath79: always call chipselect function (git-fixes). - spi: ath79: remove spi-master setup and cleanup assignment (git-fixes). - spi: dln2: Fix reference leak to master (git-fixes). - spi: omap-100k: Fix reference leak to master (git-fixes). - spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes). - spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes). - staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes). - staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes). - tcp: fix to update snd_wl1 in bulk receiver fast path - thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes). - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes). - tracing: Map all PIDs to command lines (git-fixes). - tty: amiserial: fix TIOCSSERIAL permission check (git-fixes). - tty: fix memory leak in vc_deallocate (git-fixes). - tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes). - tty: moxa: fix TIOCSSERIAL permission check (git-fixes). - uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes). - uio_hv_generic: Fix a memory leak in error handling paths (git-fixes). - uio_hv_generic: Fix another memory leak in error handling paths (git-fixes). - uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes). - usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes). - usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes). - usb: dwc2: Fix gadget DMA unmap direction (git-fixes). - usb: dwc3: gadget: Enable suspend events (git-fixes). - usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes). - usb: dwc3: omap: improve extcon initialization (git-fixes). - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes). - usb: fotg210-hcd: Fix an error message (git-fixes). - usb: gadget/function/f_fs string table fix for multiple languages (git-fixes). - usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes). - usb: gadget: f_uac1: validate input parameters (git-fixes). - usb: gadget: f_uac2: validate input parameters (git-fixes). - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes). - usb: gadget: uvc: add bInterval checking for HS mode (git-fixes). - usb: musb: fix PM reference leak in musb_irq_work() (git-fixes). - usb: sl811-hcd: improve misleading indentation (git-fixes). - usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes). - usb: xhci: Fix port minor revision (git-fixes). - usb: xhci: Increase timeout for HC halt (git-fixes). - vgacon: Record video mode changes with VT_RESIZEX (git-fixes). - video: hyperv_fb: Add ratelimit on error message (bsc#1185725). - vrf: fix a comment about loopback device (git-fixes). - watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982). - watchdog/softlockup: report the overall time of softlockups (bsc#1185982). - watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982). - watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982). - whitespace cleanup - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes). - workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911). - workqueue: more destroy_workqueue() fixes (bsc#1185911). - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489). - xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes). - xhci: check control context is valid before dereferencing it (git-fixes). - xhci: fix potential array out of bounds with several interrupters (git-fixes). - xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1087082 SUSE bug 1133021 SUSE bug 1152457 SUSE bug 1152489 SUSE bug 1155518 SUSE bug 1156395 SUSE bug 1162702 SUSE bug 1164648 SUSE bug 1176564 SUSE bug 1177666 SUSE bug 1178418 SUSE bug 1178612 SUSE bug 1179827 SUSE bug 1179851 SUSE bug 1182378 SUSE bug 1182999 SUSE bug 1183346 SUSE bug 1183868 SUSE bug 1183873 SUSE bug 1183932 SUSE bug 1183947 SUSE bug 1184081 SUSE bug 1184082 SUSE bug 1184611 SUSE bug 1184855 SUSE bug 1185428 SUSE bug 1185497 SUSE bug 1185589 SUSE bug 1185606 SUSE bug 1185645 SUSE bug 1185677 SUSE bug 1185680 SUSE bug 1185696 SUSE bug 1185703 SUSE bug 1185725 SUSE bug 1185758 SUSE bug 1185859 SUSE bug 1185861 SUSE bug 1185863 SUSE bug 1185898 SUSE bug 1185899 SUSE bug 1185911 SUSE bug 1185938 SUSE bug 1185987 SUSE bug 1185988 SUSE bug 1186061 SUSE bug 1186285 SUSE bug 1186320 SUSE bug 1186439 SUSE bug 1186441 SUSE bug 1186460 SUSE bug 1186498 SUSE bug 1186501 SUSE bug 1186573 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 NonFree This update for opera fixes the following issues: Update to version 77.0.4054.146 - CHR-8458 Update chromium on desktop-stable-91-4054 to 91.0.4472.114 - DNA-92171 Create active linkdiscovery service - DNA-92388 Fix and unskip WorkspacesEmoji.testChooseEmojiAsWorkspaceIcon when possible - DNA-93101 Tabs are being snoozed when tab snoozing is disabled - DNA-93386 Update pinboard view when item changes - DNA-93448 Make browser ready for Developer release - DNA-93491 Fix failing tests after enabling #pinboard flag - DNA-93498 Add additional music services - DNA-93503 Blank popup on clicking toolbar icon with popup open - DNA-93561 Do not allow zoom different from 100% in Pinboard popup - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers - DNA-93644 Create route for `import open tabs` to `pinboard` - DNA-93664 Adapt popup to design - DNA-93702 Turn on flags on developer - DNA-93737 [Pinboard] Remove Mock API - DNA-93745 Unable to open the popup after opening it several times - DNA-93776 Popup closes and reopens when clicking the toolbar button - DNA-93786 DCHECK after opening popup - DNA-93802 Crash at views::Widget::GetNativeView() const - DNA-93810 Add pinboard icon to sidebar - DNA-93825 Add pinboard to Opera menu - DNA-93833 [Player] Implement seeking for new services - DNA-93845 Do not log output of snapcraft on console - DNA-93864 Create feature flag for start page sync banner - DNA-93865 Implement start page banner - DNA-93867 Use version from package instead of repository - DNA-93878 [Player] Crash when current player service becomes unavailable when user location changes - DNA-93953 ‘Send image to Pinboard’ has the wrong position in the context menu - DNA-93987 Disable zooming popup contents like in other popups - DNA-93989 Change internal URL to opera://pinboards - DNA-93990 Update strings to reflect new standards - DNA-93992 Add Pinboards to Opera settings - DNA-93993 Pinboard translations from Master - DNA-94011 Enable feature flags for Reborn 5 on stable - DNA-94019 Add a direct link to settings - DNA-94088 Internal pages provoke not saving other pages to the Pinboard - DNA-94111 [O77] Sidebar setup does not open - DNA-94139 Crash at opera::(anonymous namespace)::PinboardPopupWebView::RemovedFromWidget() - The update to chromium 91.0.4472.114 fixes following issues: CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557, CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547, CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551, CVE-2021-30552, CVE-2021-30553 Important CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547 CVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551 CVE-2021-30552 CVE-2021-30553 CVE-2021-30554 CVE-2021-30555 CVE-2021-30556 CVE-2021-30557 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for go1.15 fixes the following issues: Update to 1.15.13. Includes these security fixes - CVE-2021-33195: net: Lookup functions may return invalid host names (bsc#1187443). - CVE-2021-33196: archive/zip: malformed archive may cause panic or memory exhaustion (bsc#1186622). - CVE-2021-33197: net/http/httputil: ReverseProxy forwards Connection headers if first one is empty (bsc#1187444) - CVE-2021-33198: math/big: (*Rat).SetString with '1.770p02041010010011001001' crashes with 'makeslice: len out of range' (bsc#1187445). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1175132 SUSE bug 1186622 SUSE bug 1187443 SUSE bug 1187444 SUSE bug 1187445 CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for slurm_18_08 fixes the following issues: Security issues fixed: - CVE-2020-27745: Fixed a potential buffer overflow from use of unpackmem (bsc#1178890). - CVE-2020-27746: Fixed a potential leak of the magic cookie when sent as an argument to the xauth command (bsc#1178891). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178890 SUSE bug 1178891 CVE-2020-27745 CVE-2020-27746 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175448 SUSE bug 1175449 CVE-2020-24370 CVE-2020-24371 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for tcmu-runner fixes the following issues: - CVE-2021-3139: Fixed a LIO security issue (bsc#1180676). This update was imported from the SUSE:SLE-15-SP2:Update update project. Important SUSE bug 1180676 CVE-2021-3139 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for libqt5-qtwebengine fixes the following issues: Update to version 5.15.3 CVE fixes backported in chromium updates: - CVE-2020-16044: Use after free in WebRTC - CVE-2021-21118: Heap buffer overflow in Blink - CVE-2021-21119: Use after free in Media - CVE-2021-21120: Use after free in WebSQL - CVE-2021-21121: Use after free in Omnibox - CVE-2021-21122: Use after free in Blink - CVE-2021-21123: Insufficient data validation in File System API - CVE-2021-21125: Insufficient policy enforcement in File System API - CVE-2021-21126: Insufficient policy enforcement in extensions - CVE-2021-21127: Insufficient policy enforcement in extensions - CVE-2021-21128: Heap buffer overflow in Blink - CVE-2021-21129: Insufficient policy enforcement in File System API - CVE-2021-21130: Insufficient policy enforcement in File System API - CVE-2021-21131: Insufficient policy enforcement in File System API - CVE-2021-21132: Inappropriate implementation in DevTools - CVE-2021-21135: Inappropriate implementation in Performance API - CVE-2021-21137: Inappropriate implementation in DevTools - CVE-2021-21140: Uninitialized Use in USB - CVE-2021-21141: Insufficient policy enforcement in File System API - CVE-2021-21145: Use after free in Fonts - CVE-2021-21146: Use after free in Navigation - CVE-2021-21147: Inappropriate implementation in Skia - CVE-2021-21148: Heap buffer overflow in V8 - CVE-2021-21149: Stack overflow in Data Transfer - CVE-2021-21150: Use after free in Downloads - CVE-2021-21152: Heap buffer overflow in Media - CVE-2021-21153: Stack overflow in GPU Process - CVE-2021-21156: Heap buffer overflow in V8 - CVE-2021-21157: Use after free in Web Sockets Important SUSE bug 1130395 SUSE bug 1158516 SUSE bug 1163744 SUSE bug 1163766 SUSE bug 1182233 CVE-2020-16044 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21135 CVE-2021-21137 CVE-2021-21140 CVE-2021-21141 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147 CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21152 CVE-2021-21153 CVE-2021-21156 CVE-2021-21157 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3573: Fixed a use-after-free in bluetooth locking of hdev object (bsc#1186666). - CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation (bnc#1187601). - CVE-2021-0512: In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1187595). - CVE-2021-33624: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554). - CVE-2021-34693: net/can/bcm.c in the Linux kernel allowed local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized (bnc#1187452). - CVE-2020-36385: An issue was discovered in the Linux kernel drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050). - CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463). - CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (bnc#1179610 bnc#1186463). - CVE-2020-36386: An issue was discovered in the Linux kernel net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf (bnc#1187038). - CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets (bnc#1185861 bnc#1185863). The following non-security bugs were fixed: - ACPICA: Clean up context mutex during object deletion (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes). - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes). - ALSA: timer: Fix master timer notification (git-fixes). - alx: Fix an error handling path in 'alx_probe()' (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). - ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes). - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes). - ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (git-fixes). - batman-adv: Avoid WARN_ON timing related checks (git-fixes). - be2net: Fix an error handling path in 'be_probe()' (git-fixes). - blk-settings: align max_sectors on 'logical_block_size' boundary (bsc#1185195). - block: Discard page cache of zone reset target range (bsc#1187402). - block: return the correct bvec when checking for gaps (bsc#1187143). - block: return the correct bvec when checking for gaps (bsc#1187144). - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes). - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274). - bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274). - bpfilter: Specify the log level for the kmsg message (bsc#1155518). - brcmfmac: properly check for bus register errors (git-fixes). - btrfs: open device without device_list_mutex (bsc#1176771). - bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act (git-fixes). - can: mcba_usb: fix memory leak in mcba_usb (git-fixes). - ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927). - cfg80211: avoid double free of PMSR request (git-fixes). - cfg80211: make certificate generation more robust (git-fixes). - cgroup1: do not allow '\n' in renaming (bsc#1187972). - char: hpet: add checks after calling ioremap (git-fixes). - cxgb4: avoid accessing registers when clearing filters (git-fixes). - cxgb4: avoid link re-train during TC-MQPRIO configuration (jsc#SLE-8389). - cxgb4: fix wrong shift (git-fixes). - dax: Add an enum for specifying dax wakup mode (bsc#1187411). - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411). - dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212). - dax: Wake up all waiters after invalidating dax entry (bsc#1187411). - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes). - dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes). - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes). - drm/amd/amdgpu: fix a potential deadlock in gpu reset (git-fixes). - drm/amd/amdgpu: fix refcount leak (git-fixes). - drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes). - drm/amd/display: Disconnect non-DP with no EDID (git-fixes). - drm/amdgpu: Fix a use-after-free (git-fixes). - drm/amdgpu: make sure we unpin the UVD BO (git-fixes). - drm: Fix use-after-free read in drm_getunique() (git-fixes). - drm: Lock pointer access in drm_master_release() (git-fixes). - drm/tegra: sor: Do not leak runtime PM reference (git-fixes). - drop PCIE_BW (removed by a backported patch) - dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes). - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes). - efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes). - Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#SLE-17882 jsc#ECO-3691) Nvidia switched its vGPU mechanism from mdev to SRIOV since Ampere architecutre. For the SRIOV implementation, they used pci-pf-stub module. We only need to enable CONFIG_PCI_PF_STUB here, other dependencies have been enabled already. - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408). - ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404). - ext4: fix error code in ext4_commit_super (bsc#1187407). - ext4: fix memory leak in ext4_fill_super (bsc#1187409). - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886). - fs: fix reporting supported extra file attributes for statx() (bsc#1187410). - fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes). - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes). - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes). - fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356). - gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes). - gve: Add NULL pointer checks when freeing irqs (git-fixes). - gve: Correct SKB queue index validation (git-fixes). - gve: Update mgmt_msix_idx if num_ntfy changes (git-fixes). - gve: Upgrade memory barrier in poll routine (git-fixes). - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes). - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes). - HID: hid-input: add mapping for emoji picker key (git-fixes). - HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes). - HID: i2c-hid: fix format string mismatch (git-fixes). - HID: i2c-hid: Skip ELAN power-on command after reset (git-fixes). - HID: magicmouse: fix NULL-deref on disconnect (git-fixes). - HID: multitouch: require Finger field to mark Win8 reports as MT (git-fixes). - HID: pidff: fix error return code in hid_pidff_init() (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes). - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes). - HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes). - hwmon: (dell-smm-hwmon) Fix index values (git-fixes). - hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes). - i2c: mpc: Make use of i2c_recover_bus() (git-fixes). - i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops (git-fixes). - ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926). - ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926). - ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (git-fixes). - isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (git-fixes). - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes). - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes). - ixgbe: fix large MTU request from VF (git-fixes). - kABI workaround for struct lis3lv02d change (git-fixes). - kernel-binary.spec.in: Add Supplements: for -extra package on Leap kernel-$flavor-extra should supplement kernel-$flavor on Leap, like it does on SLED, and like the kernel-$flavor-optional package does. - kernel-binary.spec.in: build-id check requires elfutils. - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile. - kernel-binary.spec: Only use mkmakefile when it exists Linux 5.13 no longer had a mkmakefile script - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes). - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867). - kthread_worker: split code for canceling the delayed work timer (bsc#1187867). - kyber: fix out of bounds access when preempted (bsc#1187403). - libertas: register sysfs groups properly (git-fixes). - lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493). - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (git-fixes). - md: Fix missing unused status line of /proc/mdstat (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - media: mtk-mdp: Check return value of of_clk_get (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - mei: request autosuspend after sending rx flow control (git-fixes). - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes). - module: limit enabling module.sig_enforce (git-fixes). - net: bnx2: Fix error return code in bnx2_init_board() (git-fixes). - net: fix iteration for sctp transport seq_files (git-fixes). - net: hns3: Limiting the scope of vector_ring_chain variable (git-fixes). - net: hns3: put off calling register_netdev() until client initialize complete (bsc#1154353). - net/mlx4: Fix EEPROM dump support (git-fixes). - net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes). - net/mlx5: DR, Create multi-destination flow table with level less than 64 (jsc#SLE-8464). - net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes). - net/mlx5e: Fix multipath lag activation (git-fixes). - net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes). - net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes). - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes). - net/mlx5: Fix PBMC register mapping (git-fixes). - net/mlx5: Fix placement of log_max_flow_counter (git-fixes). - net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes). - net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171). - net/nfc/rawsock.c: fix a permission check bug (git-fixes). - net/sched: act_ct: handle DNAT tuple collision (bsc#1154353). - net/x25: Return the correct errno code (git-fixes). - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes). - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes). - NFC: SUSE specific brutal fix for runtime PM (bsc#1185589). - NFS: Deal correctly with attribute generation counter overflow (git-fixes). - NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce() (git-fixes). - NFS: Do not discard pNFS layout segments that are marked for return (git-fixes). - NFS: Do not gratuitously clear the inode cache when lookup failed (git-fixes). - NFS: Do not revalidate the directory permissions on a lookup failure (git-fixes). - nfsd: register pernet ops last, unregister first (git-fixes). - NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes). - NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes). - NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes). - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes). - NFS: Fix use-after-free in nfs4_init_client() (git-fixes). - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (git-fixes). - NFSv42: Copy offload should update the file size when appropriate (git-fixes). - NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes). - NFSv4.2: fix return value of _nfs4_get_security_label() (git-fixes). - NFSv4: Do not discard segments marked for return in _pnfs_return_layout() (git-fixes). - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes). - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes). - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes). - ocfs2: fix data corruption by fallocate (bsc#1187412). - PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes). - PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes). - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes). - PCI/LINK: Remove bandwidth notification (bsc#1183712). - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes). - PCI: Mark TI C667X to avoid bus reset (git-fixes). - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes). - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685). - pid: take a reference when initializing `cad_pid` (bsc#1152489). - platform/x86: hp_accel: Avoid invoking _INI to speed up resume (git-fixes). - platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes). - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (git-fixes). - PM: sleep: Add pm_debug_messages kernel command line option (bsc#1186752). - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes). - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes). - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes). - radeon: use memcpy_to/fromio for UVD fw upload (git-fixes). - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes). - regulator: core: resolve supply for boot-on/always-on regulators (git-fixes). - regulator: max77620: Use device_set_of_node_from_dev() (git-fixes). - Revert 'ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()' (git-fixes). - Revert 'brcmfmac: add a check for the status of usb_register' (git-fixes). - Revert 'char: hpet: fix a missing check of ioremap' (git-fixes). - Revert 'char: hpet: fix a missing check of ioremap' (git-fixes). - Revert 'dmaengine: qcom_hidma: Check for driver register failure' (git-fixes). - Revert 'ecryptfs: replace BUG_ON with error handling code' (bsc#1187413). - Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041). - Revert 'isdn: mISDN: Fix potential NULL pointer dereference of kzalloc' (git-fixes). - Revert 'isdn: mISDNinfineon: fix potential NULL pointer dereference' (git-fixes). - Revert 'libertas: add checks for the return value of sysfs_create_group' (git-fixes). - Revert 'media: dvb: Add check on sp8870_readreg' (git-fixes). - Revert 'media: dvb: Add check on sp8870_readreg' (git-fixes). - Revert 'media: gspca: Check the return value of write_bridge for timeout' (git-fixes). - Revert 'media: gspca: Check the return value of write_bridge for timeout' (git-fixes). - Revert 'media: gspca: mt9m111: Check write_bridge for timeout' (git-fixes). - Revert 'media: gspca: mt9m111: Check write_bridge for timeout' (git-fixes). - Revert 'media: usb: gspca: add a missed check for goto_low_power' (git-fixes). - Revert 'net: liquidio: fix a NULL pointer dereference' (git-fixes). - Revert 'PCI: PM: Do not read power state in pci_enable_device_flags()' (git-fixes). - Revert 'qlcnic: Avoid potential NULL pointer dereference' (git-fixes). - Revert 'scsi: core: run queue if SCSI device queue isn't ready and queue is idle' (bsc#1186949). - Revert 'serial: max310x: pass return value of spi_register_driver' (git-fixes). - Revert 'video: hgafb: fix potential NULL pointer dereference' (git-fixes). - Revert 'video: imsttfb: fix potential NULL pointer dereferences' (bsc#1152489) - rpm/kernel-binary.spec.in: Correct Supplements in optional subpkg (jsc#SLE-11796) The product string was changed from openSUSE to Leap. - rpm/kernel-binary.spec.in: Fix handling of +arch marker (bsc#1186672) The previous commit made a module wrongly into Module.optional. Although it didn't influence on the end result, better to fix it. Also, add a comment to explain the markers briefly. - rpm/split-modules: Avoid errors even if Module.* are not present - s390/stack: fix possible register corruption with stack switch helper (bsc#1185677). - sched/debug: Fix cgroup_path[] serialization (git-fixes) - sched/fair: Keep load_avg and load_sum synced (git-fixes) - sched/fair: Make sure to update tg contrib for blocked load (git-fixes) - scsi: aacraid: Fix an oops in error handling (bsc#1187072). - scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186950). - scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951). - scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186952). - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186953). - scsi: be2iscsi: Revert 'Fix a theoretical leak in beiscsi_create_eqs()' (bsc#1187067). - scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954). - scsi: bnx2fc: Fix Kconfig warning & CNIC build errors (bsc#1186955). - scsi: bnx2i: Requires MMU (bsc#1186956). - scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883). - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186957). - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() (bsc#1186958). - scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959). - scsi: cxgb4i: Fix TLS dependency (bsc#1186960). - scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186961). - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886). - scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962). - scsi: hisi_sas: Fix IRQ checks (bsc#1186963). - scsi: hisi_sas: Remove preemptible() (bsc#1186964). - scsi: jazz_esp: Add IRQ check (bsc#1186965). - scsi: libfc: Fix enum-conversion warning (bsc#1186966). - scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186967). - scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1187068). - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186968). - scsi: lpfc: Fix ancient double free (bsc#1186969). - scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes). - scsi: megaraid_sas: Check user-provided offsets (bsc#1186970). - scsi: megaraid_sas: Clear affinity hint (bsc#1186971). - scsi: megaraid_sas: Do not call disable_irq from process IRQ poll (bsc#1186972). - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186973). - scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bsc#1186974). - scsi: mesh: Fix panic after host or bus reset (bsc#1186976). - scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (bsc#1186977). - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186978). - scsi: mpt3sas: Fix ioctl timeout (bsc#1186979). - scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980). - scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186981). - scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186982). - scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186983). - scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186984). - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186985). - scsi: qla2xxx: Prevent PRLI in target mode (git-fixes). - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186986). - scsi: qla4xxx: Remove in_interrupt() (bsc#1186987). - scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186988). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). - scsi: sd: Fix Opal support (bsc#1186989). - scsi: sni_53c710: Add IRQ check (bsc#1186990). - scsi: sun3x_esp: Add IRQ check (bsc#1186991). - scsi: ufs: Add quirk to disallow reset of interrupt aggregation (bsc#1186992). - scsi: ufs: Add quirk to enable host controller without hce (bsc#1186993). - scsi: ufs: Add quirk to fix abnormal ocs fatal error (bsc#1186994). - scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr (bsc#1186995). - scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186996). - scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#1186997). - scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795). - SCSI: ufs: fix ktime_t kabi change (bsc#1187795). - scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186998). - scsi: ufshcd: use an enum for quirks (bsc#1186999). - scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk (bsc#1187000). - scsi: ufs: Make ufshcd_print_trs() consider UFSHCD_QUIRK_PRDT_BYTE_GRAN (bsc#1187069). - scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1187001). - scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002). - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980). - scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003). - serial: max310x: unregister uart driver in case of failure and abort (git-fixes). - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes). - spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes). - spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes). - staging: rtl8723bs: Fix uninitialized variables (git-fixes). - sunrpc: fix refcount leak for rpc auth modules (git-fixes). - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - SUNRPC: Move fault injection call sites (git-fixes). - SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes). - svcrdma: disable timeouts on rdma backchannel (git-fixes). - thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (git-fixes). - tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes). - tracing: Correct the length check which causes memory corruption (git-fixes). - tracing: Do no increment trace_clock_global() by one (git-fixes). - tracing: Do not stop recording cmdlines when tracing is off (git-fixes). - tracing: Do not stop recording comms if the trace file is being read (git-fixes). - tracing: Restructure trace_clock_global() to never block (git-fixes). - ttyprintk: Add TTY hangup callback (git-fixes). - Update patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch (bsc#1184436 bsc#1186286). - usb: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes). - usb: core: reduce power-on-good delay time of root hub (git-fixes). - usb: dwc3: core: fix kernel panic when do reboot (git-fixes). - usb: dwc3: core: fix kernel panic when do reboot (git-fixes). - usb: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes). - usb: dwc3: ep0: fix NULL pointer exception (git-fixes). - usb: fix various gadget panics on 10gbps cabling (git-fixes). - usb: fix various gadget panics on 10gbps cabling (git-fixes). - usb: fix various gadgets null ptr deref on 10gbps cabling (git-fixes). - USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes). - usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - usb: gadget: eem: fix wrong eem header operation (git-fixes). - usb: gadget: eem: fix wrong eem header operation (git-fixes). - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes). - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes). - USB: serial: cp210x: fix alternate function for CP2102N QFN20 (git-fixes). - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes). - USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes). - USB: serial: quatech2: fix control-request directions (git-fixes). - USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes). - usb: typec: mux: Fix copy-paste mistake in typec_mux_match (git-fixes). - usb: typec: mux: Fix matching with typec_altmode_desc (git-fixes). - usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header (git-fixes). - usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes). - usb: typec: wcove: Use LE to CPU conversion when accessing msg->header (git-fixes). - USB: usbfs: Do not WARN about excessively large memory allocations (git-fixes). - vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes). - vfio/pci: zap_vma_ptes() needs MMU (git-fixes). - vfio/platform: fix module_put call in error flow (git-fixes). - video: hgafb: correctly handle card detect failure during probe (git-fixes). - video: hgafb: fix potential NULL pointer dereference (git-fixes). - vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes). - vrf: fix maximum MTU (git-fixes). - vsock/vmci: log once the failed queue pair allocation (git-fixes). - wireguard: allowedips: initialize list head in selftest (git-fixes). - wireguard: do not use -O3 (git-fixes). - wireguard: peer: allocate in kmem_cache (git-fixes). - wireguard: peer: put frequently used members above cache lines (git-fixes). - wireguard: queueing: get rid of per-peer ring buffers (git-fixes). - wireguard: selftests: make sure rp_filter is disabled on vethc (git-fixes). - wireguard: selftests: remove old conntrack kconfig value (git-fixes). - wireguard: use synchronize_net rather than synchronize_rcu (git-fixes). - x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (bsc#1152489). - x86/fault: Do not send SIGSEGV twice on SEGV_PKUERR (bsc#1152489). - x86: fix seq_file iteration for pat.c (git-fixes). - x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489). - x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489). - xen-blkback: fix compatibility bug with single page rings (git-fixes). - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes). - xen-pciback: reconfigure also from backend watch handler (git-fixes). - xen-pciback: redo VF placement in the virtual topology (git-fixes). - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675). - xprtrdma: Avoid Receive Queue wrapping (git-fixes). - xprtrdma: rpcrdma_mr_pop() already does list_del_init() (git-fixes). Important SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1164648 SUSE bug 1174978 SUSE bug 1176771 SUSE bug 1179610 SUSE bug 1182470 SUSE bug 1183712 SUSE bug 1184212 SUSE bug 1184436 SUSE bug 1184685 SUSE bug 1185195 SUSE bug 1185486 SUSE bug 1185589 SUSE bug 1185675 SUSE bug 1185677 SUSE bug 1185701 SUSE bug 1185861 SUSE bug 1185863 SUSE bug 1186206 SUSE bug 1186286 SUSE bug 1186463 SUSE bug 1186666 SUSE bug 1186672 SUSE bug 1186752 SUSE bug 1186949 SUSE bug 1186950 SUSE bug 1186951 SUSE bug 1186952 SUSE bug 1186953 SUSE bug 1186954 SUSE bug 1186955 SUSE bug 1186956 SUSE bug 1186957 SUSE bug 1186958 SUSE bug 1186959 SUSE bug 1186960 SUSE bug 1186961 SUSE bug 1186962 SUSE bug 1186963 SUSE bug 1186964 SUSE bug 1186965 SUSE bug 1186966 SUSE bug 1186967 SUSE bug 1186968 SUSE bug 1186969 SUSE bug 1186970 SUSE bug 1186971 SUSE bug 1186972 SUSE bug 1186973 SUSE bug 1186974 SUSE bug 1186976 SUSE bug 1186977 SUSE bug 1186978 SUSE bug 1186979 SUSE bug 1186980 SUSE bug 1186981 SUSE bug 1186982 SUSE bug 1186983 SUSE bug 1186984 SUSE bug 1186985 SUSE bug 1186986 SUSE bug 1186987 SUSE bug 1186988 SUSE bug 1186989 SUSE bug 1186990 SUSE bug 1186991 SUSE bug 1186992 SUSE bug 1186993 SUSE bug 1186994 SUSE bug 1186995 SUSE bug 1186996 SUSE bug 1186997 SUSE bug 1186998 SUSE bug 1186999 SUSE bug 1187000 SUSE bug 1187001 SUSE bug 1187002 SUSE bug 1187003 SUSE bug 1187038 SUSE bug 1187050 SUSE bug 1187067 SUSE bug 1187068 SUSE bug 1187069 SUSE bug 1187072 SUSE bug 1187143 SUSE bug 1187144 SUSE bug 1187171 SUSE bug 1187263 SUSE bug 1187356 SUSE bug 1187402 SUSE bug 1187403 SUSE bug 1187404 SUSE bug 1187407 SUSE bug 1187408 SUSE bug 1187409 SUSE bug 1187410 SUSE bug 1187411 SUSE bug 1187412 SUSE bug 1187413 SUSE bug 1187452 SUSE bug 1187554 SUSE bug 1187595 SUSE bug 1187601 SUSE bug 1187795 SUSE bug 1187867 SUSE bug 1187883 SUSE bug 1187886 SUSE bug 1187927 SUSE bug 1187972 SUSE bug 1187980 CVE-2020-24588 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-33624 CVE-2021-34693 CVE-2021-3573 cpe:/o:opensuse:leap:15.2 openSUSE Leap 15.2 This update for log4j fixes the following issues: - CVE-2021-44832: Fixes a remote code execution via JDBC Appender (bsc#1194127) This update was imported from the SUSE:SLE-15-SP2:Update update project. Moderate SUSE bug 1194127 CVE-2021-44832 cpe:/o:opensuse:leap:15.2